When was the last time you considered your handheld or mobile device as a real threat?
There is a lot going on in the mobile security arena these days, and I'll try to explain a few of the considerations we review at Symantec, and what you can do about these new threats. Let's start off with a few basic premises for the sake of discussion.
1. Smartphones play an increasingly vital role in today’s business and they frequently contain a wealth of sensitive information.
2. Smartphones represent the new computing platform paradigm for both business and leisure; however, these devices have become the new vulnerability.
So, what does this mean? As you know, many smartphones are more of a mini-computer than a phone. As such, these devices are "endpoints." They house sensitive information that is typically a blend of both professional and personal content. Lost smartphones are a serious threat for companies and consumers alike, exposing both personal and company data on multiple levels. From a corporate perspective, a data breach can be very costly. In 2007, the average data breach cost more than $6M, and a breach can lead to crisis PR activity, brand image loss, remediation, compensation, and legal costs.
The mobile threat landscape is becoming a prime focus for cybercriminals, and Symantec is committed to securing that vital gateway. As you can imagine, Symantec Security Response is just as vigilant about mobile and cross-over threats as it is about staying a step ahead of traditional threats. Four trigger points are presenting themselves now, and hackers are taking notice:
• Open operating systems
• Mass distribution of devices
• Smartphones that are frequently connected to the Internet
• Smartphones that are not secured
Here are a few sample threats that we watch:
• Pranking For Profit: A new class of attacks intended to steal money (as opposed to data) from compromised terminals. This type of crimeware uses what is known as RedBrowser to infect a smartphone and send premium SMS messages from the device to a Website that withdraws money from a bank or credit account before the user or network becomes wise.
• Snoopware: Software that remotely accesses a smartphone to activate the microphone feature and listen to private conversations or confidential corporate meetings. Such software is also capable of viewing the calendar and list of contacts on a handheld device, making it easier for a cyber criminal to know exactly which meetings are worth eavesdropping on.
• Bluejacking/bluespamming: The practice of sending anonymous text messages to mobile users using Bluetooth technology (mobile spam)
• The unauthorized access of information from a wireless device through a Bluetooth connection. This allows access to a calendar, contact list, emails and text messages, and on some phones users can copy pictures and private videos
So what can you and your organization do to stay one step ahead of the mobile threats? Consider these best practices to avoid becoming a victim of the latest threats:
• Be vigilant. Don’t leave your handheld lying out on a café table or in an outside pocket of your purse or backpack
• Password-protect your smartphones. Use strong passwords and PINs to make it difficult for thieves to access them
• Make backups. Just as you would for your PC or Mac, set up a regular backup schedule for the information on your mobile devices
• Limit the amount of confidential data you carry on your smartphones. Use memory sticks or another removable medium to store sensitive information
• Encrypt your most important files. A number of third-party software programs give you the ability to encrypt your smartphones
• Protect your smartphones with security software that is designed to secure them from new types of malware
• Use secure wireless connections. If you can’t find one, save important transmissions until you can connect to a secure environment
• Disable Bluetooth and wireless signals when they’re not in use
• Use the same savvy surfing habits you do when connected over a land line
Stay one step ahead, and stay secure - Symantec secure.