September’s Information Security magazine has an article on mobile applications, calling them a menace and a danger that needs to be watched. Mobile security was also a very hot topic at several technical conferences this summer. Why the hullabaloo? How does this affect your network?
Smartphone users download applications all the time without considering that they may contain malware or carry other significant security risks. How many people in your company have a smartphone or a tablet? I would estimate that to be 85% or higher. Each one of these users can create a security risk by downloading an application that is infected with malware, or one that sends secure information to the originator of the application. This may seem James Bond-like, but it is the reality of today’s technology.
Deloitte came up with the Top 10 Mobile Threats:
- Mobile device attack surface is narrow but deep
- Mobile malware
- Application (and subsequently data) proliferation
- Device and data loss
- Device and data ownership
- Network communication channels
- Immature security solutions
- Less IT control
- Exercising tight control has its downside
- Lack of a formal strategy
Your IT department needs to be aware of these risks and plan for the threats they pose to your corporate network.
Mobile Device Attack
Near Field Communication (NFC) allows smartphones or other devices (tablets, e-readers, etc.) to communicate with each other through radio waves, as long as they are in close proximity. Say that you are walking through the mall with your work smartphone and you pass within range of someone else who has NFC enabled on their phone. They can force your phone to load malware or browse to a site that has malware or other security risks without any interaction on your part. You then come back to the office and sync your phone with your laptop. If your IT department is not prepared for this issue, there is a small chance that you just infected your network without your knowledge.
Mobile malware is growing. According to Juniper Networks, between July and November 2011 there was a 472% increase in Android malware. Your IT department should provide a list of approved apps, or possibly prohibit the use of any third-party applications. Mobile Device Management (MDM) is also recommended. Unfortunately, this adds cost to your IT overhead, but it can save you in the long run.