Android Trojan Points Out Mobile Security's Trust Problem - InformationWeek
11:59 AM
Connect Directly

Android Trojan Points Out Mobile Security's Trust Problem

Malware that records your phone calls sounds bad, but there's a bigger problem.

InformationWeek Now--What's Hot Right Now
An Android Trojan that security researchers brought to light this week--a piece of malware with the potential to record your phone calls--made some waves on the creepiness scale, though it hasn't been spotted in the wild. This story brings up an unpleasant truth about today's mobile device security: It's sometimes still too hard for smartphone owners to know who to trust.

This Trojan would travel with an app from an untrustworthy source and ask for some unusually generous permissions from you. If you don't download the app and give the permissions, your phone does not get the malware. But how do you know whose apps to trust? Could you be fooled, as hackers get craftier? Apps marketplaces don't yet have foolproof controls to keep malware creators out.'s Robert Strohmeyer has 5 good pieces of advice on how to fight mobile malware.

You might want to send this article to anyone in your family for whom you are the unofficial IT person. (You do realize you're on the hook for smartphone support now, right? It's enough to make you nostalgic for the days of "Is the printer unplugged by any chance?") Family members confused by security pop-up messages on PCs will be confused by smartphone app marketplaces with unsavory apps that look genuine. Mark my words.

So will some users of company-owned smartphones. It's no mistake that mobile security and mobile device management continue to dominate IT worries about of the consumerization of IT. MobileIron today unveiled Connected Cloud, a new hosted version of their mobile device management tools for enterprises, as's Fritz Nelson reports. Tools like this give IT teams remote control power, access control and a unified view of company devices-not new concepts, of course, but could using a hosted version save you IT staff resources and/or money? Check out what Nelson has to say on one missing element in MobileIron's service.

Federal government agencies have just as urgent a need to secure mobile devices. NIST, the agency that creates standards for the federal government's use of technology, is now testing iPhones and iPads to identify the best ways to secure them for government workers and military personnel, reports's Liz Montalbano. Next time you want to put your enterprise mobile worries in perspective, consider this: The Defense Information Systems Agency (DISA) recently put out a request for information seeking advice on how to centrally manage up to 1 million devices, Montalbano reports.

Mobile device makers of several kinds would be wise to learn some security lessons from the Google Chromebook, especially related to hardening the operating system code, notes's Kurt Marko. Even if the gadget itself isn't a popular smash, it's worth studying for this reason, Marko says.

And on a related security note, stay tuned to and Dark Reading for more information on the "Shady Rat" attacks, a five-year cyber-espionage campaign that has hit national governments, global companies, nonprofits, and others, according to McAfee. We'll also keep you up to date on the most interesting news from BlackHat, as the security confab convenes Wednesday in Las Vegas.

Laurianne McLaughlin is editor-in-chief for Follow her on Twitter at @lmclaughlin.

See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll