13 June 2011
STORING DATA ON HAND-HELDS COULD MEAN BUSINESS DISASTER
So far there has never been a major outbreak of mobile phone malware. Yet several security vendors including Sophos, Trend Micro, Norton and Kaspersky offer mobile versions of their security packages. It’s reasonable to question whether such software is really necessary in the absence of a visible virus threat.
In fact, viruses in the traditional sense (ie programs that spread by making copies of themselves) are rare these days, even on PC’s. By far the most common way to get infected is via a dodgy download from a seemingly innocuous web site. Since all major smartphones feature a full web browser and support third party applications, that’s a risk as applicable to mobile devices as it is to PC’s.
In some ways, mobile phones are better defended than regular PC’s, partly because they were designed in an age in which on-line threats are well understood. Mobile Operating Systems generally have security built in at a fundamental level. It would be impossible to give Windows that sort of security without risking software compatibility, and fundamentally changing the way that computers are used and have been for more than two decades.
Since mobile phones are used more casually than computers, they can also afford to place more restrictions on the user. Computer malware could all but be eliminated if Microsoft had to approve every application before it could be run on Windows, but if it tried to do so now there would be uproar.
With Apple’s iPhone though, exactly such a system is in place – making it extremely difficult for rogue software to get onto a phone – and millions of satisfied users have no complaints at all.
Although your smartphone may be less vulnerable to malware than your Windows PC, there are still dangers out there. Many online threats, for example, don’t involve software at all: phishing scams in which fake banking websites steal your login credentials, run just as well on a locked-down iPhone as on an unsecured PC.
In fact, the scam works better on a mobile platform: the smaller screen makes it harder to spot tell-tale mistakes on fake websites. Web addresses may be truncated in the browser, concealing incorrect web site names. Against threats such as this is vigilance and perhaps security software that can warn you when a website has a dodgy reputation.
Another danger is fake applications (Apps). These software programs which are disguised as games or tools, secretly monitor your keyboard or run malicious processes at the same time. Although Apple, Microsoft and Google all have more or less strict approval processes in place at their official application stores, these aren’t guaranteed to be fool proof, and if you download from other sources you don’t have even that thread of reassurance. In cases such as this, your only hope is mobile security software that can identify the malevolent code before it strikes.
Another potential danger is that many mobile phones used in a business environment update themselves from a company’s own e-mail system. Should an infection be picked up by an unprotected phone, then this has the potential to spread into that company’s e-mail system and beyond. It is not out of the question for someone to write some malware that could get into a company’s IT system and either attack it or collect information to be used at a later date for criminal activities.
What happens if you do get caught out? Mobile phones are a great opportunity for criminals since they’re directly linked to a payment system. For example, a rogue application could work by sending multiple text messages to a premium number, racking up huge costs over days and weeks. In fact, just such a program, disguised as a music player and distributed for Android, was detected last year by Kaspersky.
Although mobile malware hasn’t yet become a widespread problem, it’s clearly possible – and it’s becoming a more attractive prospect for criminals by the day. So while you may not feel the need to install a security suite on your phone right now, it’s important not to be complacent – the first epidemic could strike at any time.
To find out how to protect your Mobile Device, please contact the sales team at UK Business IT.
[Extracts from a variety of sources including PC Pro April 2011]
For further reading, please refer to:
