Troops' Android Devices Put In Virtual Security 'Bubble' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
News
6/21/2012
05:57 PM
50%
50%

Troops' Android Devices Put In Virtual Security 'Bubble'

Defense Advanced Research Projects Agency awards $21.4 million contract to security software firm Invincea to protect Android-based smartphones and tablets in the field.

The U.S. Department of Defense's Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Laboratory (ARL) have awarded a $21.4 million contract to security software firm Invincea, Inc., to secure Android-based smartphones and tablets for the military.

"Today, we have 3,000 to 4,000 users in an ongoing program in Afghanistan using a secure, robust Android handheld device," said Dr. Mari Maeda, deputy director, Defense Sciences Office, DARPA," in an article on the U.S. Army website. "We roll out new capabilities every three to four months, from new apps to new server capabilities."

Invincea's software uses "lightweight virtualization to protect apps from being compromised,'' said Anup Ghosh, Invincea founder and CEO. Currently, security on the desktop in the enterprise is reactive--it protects against threats it knows about ahead of time, he said. The software Invincea is designing for DARPA puts a browser "in a bubble so when it gets compromised, the system does not," without requiring signatures for each threat. Invincea's platform "seamlessly moves the browser, PDF reader, Microsoft Office suite, .zip, and .exe file types from the native operating system into secure virtualized environments without altering the user experience," according to a separate statement.

"DARPA is ... clearly signaling they view the mobile device as the new battle field for where threats are going to be coming in the military," said Ghosh. "What we're going to see in the future is exploiting the apps you have already downloaded by taking advantage of the vulnerabilities in them, and the classic example is the browser."

Most enterprises are still focused on mobile device management (MDM), which addresses "basic blocking and tackling" by enforcing corporate policies across devices, Ghosh maintained, including the ability to remotely wipe a lost or stolen device, as well as forcing the use of passwords and added encryption to read emails.

A soldier from 2nd Brigade, 1st Armored Division, demonstrates a Nett Warrior device during NIE 12.2. As part of Capability Set 13, Nett Warrior is a soldier-worn, smartphone-like mission command system that connects with the JTRS Rifleman Radio to provide dismounted leaders with increased situational awareness and mission-related "apps." (source: army.mil)

"Where we are not, as far as technology development goes, is addressing the mobile malware threats: malware apps and exploiting vulnerabilities in the trusted apps," said Ghosh. "The industry hasn't yet tackled those two problems."

MDM is less about security and more about the management aspect of mobile devices, concurred Chris Hazelton, research director of mobile and wireless at The 451 Group. With the contract, DARPA is ensuring that the Android OS on its mobile devices is secure and the browser is siloed when it puts them in the hands of soldiers, he says.


Click here for 7 ways to toughen enterprise mobile device security.

Besides the browser, another emerging area of attack is when users click on a link sent in SMS texts, Ghosh noted. Hazelton added that downloading malicious apps from websites or app stores are other logical points of entry on mobile devices, as well as when false Wi-Fi access points are created--and even through the use of Bluetooth and NFC.

DARPA's mission is to avoid "technology surprise," said Ghosh. "What they're saying by investing in this new technology is, 'We anticipate that the adversary is going to move from desktop-oriented exploits to smart, handled device exploits,' and they're trying to get out in front of a threat before it becomes pervasive and without requiring a signature."

He declined to comment on specific features of the software, saying DARPA will not allow the security firm to discuss them in detail.

As to why the software is being developed for the Android OS, Ghosh said the military feels strongly about layering in security software on top of the open source platform. "Ironically, for same reason [Android is] targeted so heavily [by malware creators] it's a good operating system to secure,'' he explains. "We will target securing Windows Mobile when it captures enough market share for adversaries to develop exploits for it. Before then it won't make sense."

As for the corporate realm, Ghosh doesn't believe enough enterprises are yet overly concerned about their mobile devices becoming compromised. "What we anticipate is the technology being developed under the DARPA contract to protect military phones for military apps will have application for business apps,'' he said.

What the military has started to do is a good move, said Hazelton, because the Invincea software will lock down the devices while still providing some freedom for the soldiers who use them. "It lines up with what the next steps are in the enterprise: managing the application, not just the device."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll