Hacker attacks and growing use of 'smart' cell phones raise new concerns about information security
When Phil McMurray learned last week that the Cabir Bluetooth worm found an easier way to spread through a symbiotic relationship with the Skulls cell-phone Trojan, he was hardly surprised. McMurray, IT security officer at Advo Inc., a $1.2 billion-a-year provider of direct-mail services, was already in discussions with his security vendors about antivirus software and firewalls for several hundred smart phones and handhelds used by Advo employees. "These types of attacks serve as a catalyst," McMurray says. "We're beginning to take a serious look at these security issues. You don't want to get stuck behind the curve on something like this."
Security professionals like McMurray view the rising number of hacker attacks on mobile phones as much more than a mere annoyance to salespeople, executives, and other employees. The growth in PDA-like smart phones—which offer the ability to access E-mail, word-processing documents, and spreadsheets or, increasingly, to tap into enterprise applications—is creating a new channel for malicious viruses and worms to enter the greater IT infrastructure, risking damage or even harmful leaks of proprietary business information. Add in concerns about the spreading use of the radio-communication standard Bluetooth, and many people are deciding this channel's vulnerability is growing right along with its importance.
Cell-phone security must be taken seriously, says Jeff Nigriny, chief security officer with online exchange Exostar LLC.
Photo by D.A. Peterson
"Lots of corporate data is being held on these devices, and security needs to be taken seriously," says Jeff Nigriny, chief security officer with online exchange Exostar LLC. Nigriny is looking to secure some 20 mobile phones and wireless E-mail devices used by salespeople and senior executives. "These devices are heavily relied upon now," he says.
Security vendors haven't made cell phones a high priority, but they're starting to answer the call. Trend Micro Inc. this week will begin offering Trend Micro Mobile Security, software designed primarily to block spam sent via the Short Message Service standard but also to protect some types of phones from viruses. McAfee Inc. recently began offering a version of its VirusScan as a built-in service on new DoCoMo FOMA 901i series 3G mobile phones and says support for more models will follow. Symantec Corp. offers antivirus and security capabilities for PDAs and says it's developing antivirus and firewall security tools for mobile phones. And Nokia Corp. soon will distribute F-Secure Corp.'s Mobile Anti-Virus with its Nokia 7710 smart phone.
There's also an emerging group of startup companies offering protection for mobile devices, including cell phones. Bluefire Security Technologies Inc. is adding VPN capability to its upcoming Bluefire Mobile Security Suite, which will provide encrypted communications from the phone into the network, as well as integration with corporate identity databases that manage access rights to networked devices and applications, CEO Mark Komisky says. Also included with the suite will be the ability to spot so-called "rogue" devices, such as mobile phones not approved for company network access.
Companies shouldn't exaggerate the threat of mobile-phone viruses, since none has done significant damage and few phones are used as network-linked computing tools. Yet it's also true that the vendor community has a way to go to offer the suite of antivirus and other tools users need to combat a major threat or attack. "As a community, we're simply not ready yet," acknowledges Victor Kouznetsov, senior VP of McAfee's mobile solutions.
The recent hookup between Skulls and Cabir provides a spooky glimpse of what could happen. Early last month, unidentified virus writers posted on shareware Web sites what has since been named the Skulls Trojan, disguising it as a theme manager that offers cell-phone interface features. An undetermined number of people with cell phones running the popular Symbian mobile operating system downloaded Skulls. Rather than getting snappy new backgrounds and icons, their existing icons were transformed into skull-and-crossbones images, and applications on their phones stopped working.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.