Mobile
Commentary
8/3/2011
11:59 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Android Trojan Points Out Mobile Security's Trust Problem

Malware that records your phone calls sounds bad, but there's a bigger problem.

InformationWeek Now--What's Hot Right Now
An Android Trojan that security researchers brought to light this week--a piece of malware with the potential to record your phone calls--made some waves on the creepiness scale, though it hasn't been spotted in the wild. This story brings up an unpleasant truth about today's mobile device security: It's sometimes still too hard for smartphone owners to know who to trust.

This Trojan would travel with an app from an untrustworthy source and ask for some unusually generous permissions from you. If you don't download the app and give the permissions, your phone does not get the malware. But how do you know whose apps to trust? Could you be fooled, as hackers get craftier? Apps marketplaces don't yet have foolproof controls to keep malware creators out. InformationWeek.com's Robert Strohmeyer has 5 good pieces of advice on how to fight mobile malware.

You might want to send this article to anyone in your family for whom you are the unofficial IT person. (You do realize you're on the hook for smartphone support now, right? It's enough to make you nostalgic for the days of "Is the printer unplugged by any chance?") Family members confused by security pop-up messages on PCs will be confused by smartphone app marketplaces with unsavory apps that look genuine. Mark my words.

So will some users of company-owned smartphones. It's no mistake that mobile security and mobile device management continue to dominate IT worries about of the consumerization of IT. MobileIron today unveiled Connected Cloud, a new hosted version of their mobile device management tools for enterprises, as InformationWeek.com's Fritz Nelson reports. Tools like this give IT teams remote control power, access control and a unified view of company devices-not new concepts, of course, but could using a hosted version save you IT staff resources and/or money? Check out what Nelson has to say on one missing element in MobileIron's service.

Federal government agencies have just as urgent a need to secure mobile devices. NIST, the agency that creates standards for the federal government's use of technology, is now testing iPhones and iPads to identify the best ways to secure them for government workers and military personnel, reports InformationWeek.com's Liz Montalbano. Next time you want to put your enterprise mobile worries in perspective, consider this: The Defense Information Systems Agency (DISA) recently put out a request for information seeking advice on how to centrally manage up to 1 million devices, Montalbano reports.

Mobile device makers of several kinds would be wise to learn some security lessons from the Google Chromebook, especially related to hardening the operating system code, notes InformationWeek.com's Kurt Marko. Even if the gadget itself isn't a popular smash, it's worth studying for this reason, Marko says.

And on a related security note, stay tuned to InformationWeek.com and Dark Reading for more information on the "Shady Rat" attacks, a five-year cyber-espionage campaign that has hit national governments, global companies, nonprofits, and others, according to McAfee. We'll also keep you up to date on the most interesting news from BlackHat, as the security confab convenes Wednesday in Las Vegas.

Laurianne McLaughlin is editor-in-chief for InformationWeek.com. Follow her on Twitter at @lmclaughlin.

See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.

Comment  | 
Print  | 
More Insights
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.