Android Trojan Points Out Mobile Security's Trust Problem
Malware that records your phone calls sounds bad, but there's a bigger problem.
An Android Trojan that security researchers brought to light this week--a piece of malware with the potential to record your phone calls--made some waves on the creepiness scale, though it hasn't been spotted in the wild. This story brings up an unpleasant truth about today's mobile device security: It's sometimes still too hard for smartphone owners to know who to trust.
This Trojan would travel with an app from an untrustworthy source and ask for some unusually generous permissions from you. If you don't download the app and give the permissions, your phone does not get the malware. But how do you know whose apps to trust? Could you be fooled, as hackers get craftier? Apps marketplaces don't yet have foolproof controls to keep malware creators out. InformationWeek.com's Robert Strohmeyer has 5 good pieces of advice on how to fight mobile malware.
You might want to send this article to anyone in your family for whom you are the unofficial IT person. (You do realize you're on the hook for smartphone support now, right? It's enough to make you nostalgic for the days of "Is the printer unplugged by any chance?") Family members confused by security pop-up messages on PCs will be confused by smartphone app marketplaces with unsavory apps that look genuine. Mark my words.
So will some users of company-owned smartphones. It's no mistake that mobile security and mobile device management continue to dominate IT worries about of the consumerization of IT. MobileIron today unveiled Connected Cloud, a new hosted version of their mobile device management tools for enterprises, as InformationWeek.com's Fritz Nelson reports. Tools like this give IT teams remote control power, access control and a unified view of company devices-not new concepts, of course, but could using a hosted version save you IT staff resources and/or money? Check out what Nelson has to say on one missing element in MobileIron's service.
Federal government agencies have just as urgent a need to secure mobile devices. NIST, the agency that creates standards for the federal government's use of technology, is now testing iPhones and iPads to identify the best ways to secure them for government workers and military personnel, reports InformationWeek.com's Liz Montalbano. Next time you want to put your enterprise mobile worries in perspective, consider this: The Defense Information Systems Agency (DISA) recently put out a request for information seeking advice on how to centrally manage up to 1 million devices, Montalbano reports.
Mobile device makers of several kinds would be wise to learn some security lessons from the Google Chromebook, especially related to hardening the operating system code, notes InformationWeek.com's Kurt Marko. Even if the gadget itself isn't a popular smash, it's worth studying for this reason, Marko says.
And on a related security note, stay tuned to InformationWeek.com and Dark Reading for more information on the "Shady Rat" attacks, a five-year cyber-espionage campaign that has hit national governments, global companies, nonprofits, and others, according to McAfee. We'll also keep you up to date on the most interesting news from BlackHat, as the security confab convenes Wednesday in Las Vegas.
Laurianne McLaughlin is editor-in-chief for InformationWeek.com. Follow her on Twitter at @lmclaughlin.
See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.