SMARTER STRATEGIES

Smartphone Security: New Threats, New Tools

John Jainschigg | Date: 11-03-10 | Comments

• 10
• PrintPDF
• Filed Under: Smarter Strategies




• If you're like most IT professionals, you use your smartphone for everything from enterprise e-mail to intranet and network file access. But how vulnerable are phones to hacks?

• Even dyed-in-the-wool fans of technology populism and mobility will admit (if they think about it) that increasingly powerful smartphones are loose cannons in terms of security. They're handling enterprise e-mail. They're connecting to enterprise networks. They're surfing your intranet and network file system under executive authentication. They can be used deliberately (or remotely subverted into use) as behind-the-firewall hacking tools, hop-off points and denial-of-service nodes, even by relatively crude attacks like cross-site request forgery.

  Most of them are also vulnerable—or provide convenient hacking points of entry—when USB- (for access to mass storage, local sync or use in tethering) or Bluetooth-linked. Not to mention camera hacks.

  Luckily, as recently reported in eWEEK by Chris Preimesberger, suppliers of network infrastructure aren't taking the potential threat of mobile (or the fact that 99.999 percent of execs would rather die than surrender their pretty toys—causing a kind of "perfect storm" of potential profitability) lying down. Juniper Networks' Junos Pulse Mobile Security Suite—aimed at enterprise and mobile carriers—includes antivirus, personal firewall, anti-spam, device theft prevention, and monitoring and control services, and lets businesses secure e-mail and designated applications with encryption and policy-management tools. The Juniper product thus brings to free-range iPhone and Android mobiles (and BlackBerrys) protection comparable to that heretofore available only with BlackBerry Enterprise Server. And its availability (provided the solution delivered is of high quality) may, in some cases, stimulate a rethink of BES-centric enterprise mobility policy.

  Meanwhile, responsible IT leaders should also be looking beyond mobile device and connection security and assessing the darker potential of mobile devices as tools for intrusion, insertion, data loss and other bad news. A huge source of info (and entertainment, for the professionally or avocationally paranoid) is AirTight Networks, which offers a full suite of solutions for enterprise WiFi (and now mobile device) intrusion prevention, scanning, and compliance and performance management.

  At CSI 2010 on Oct. 28, AirTight demonstrated a new generation of smartphone-initiated and -mediated attacks against enterprise networks and data assets. Keystone of the demos is an attack AirTight developed and calls SmartPots (a trademarked term)—a mobile honeypot, terminating on a smart device and used to steal authentication credentials. The honeypot-as-attack-vector motif flip-flops the normal application of honeypot strategies as tools for intrusion and malware detection. For an early description of potentials in the latter case, a paper called "SmartPot—Creating a 1st Generation Smartphone Honeypot," by Michael Freeman and Andrew Woodward of Edith Cowan University and published in the Proceedings of the 7th Australian Digital Forensics Conference, is available here.

   

IBM Resources

• End to End Virtualization: A holistic approach for a dynamic environment.
• Business Analytics and Optimization Jumpstart: Embedding analytics to transform insights into action
• Cloud computing insights from 110 implementation projects
• Capturing the Potential of Cloud
• Analytics - the new path to value
• Social Business: Advent of a new age
• Becoming a Social Business: The IBM Story
• Meeting the Demands of the Smarter Consumer
• Business agility powers innovation, transformation and growth
• Inside the Midmarket - A 2011 Perspective
• Building a strong enterprise cloud foundation is critical to manage growth for SaaS providers
• Blue Cross Blue Shield of South Carolina: A Model of IT Efficiency
• A Simple Idea that Changed the World

Most Read

• Tablets, Smartphones Obsolete PowerPoint
• Top 10 Innovations of 2012
• Cloud Desktop Boosts Small Business
• Quantum Computing Almost Here
• Recent Reports Examine Smartphone Shopping Behaviors
• Tool Educates SMBs on the Cloud
• Facebook Gaming in Decline
• Meeting the Increasing Demand for Remote Internships
• New Wireless Technology Transforms the Remote

Trending

• Cloud Desktop Boosts Small Business
• Robots Construct Reconfigurable Buildings
• Motion Control Vaults Augmented Reality
• Nintendo Wii Diagnoses Eye Malady
• Smart Cities Win Awards
• Shipboard Humanoid Robot to Aid Navy
• Facebook Gaming in Decline
• Success Depends on Phrasing
• Online Video Spells Death for DVD

RELATED CONTENT

• BlackBerry BBX: Will It Be Enough to Save RIM?
• Enterprise Mobility Management Soars
• Get Ready for BI on the Fly
• 'Facebook' of Devices Will Secure the Mobile Enterprise
• Emerging Cyber-threats Predicted for 2011
• Bringing Better Security to Mobile Devices
• Five Technologies That Will Change the Enterprise B2B Business in 2011

View the IBM Smarter Analytics Leadership Summit

Videos

TWITTER FEED

• 20 minutes agoGood morning from Los Angeles! #ibmcloud
  
• 23 minutes agoThat's it from me! Over to North America.
  
• 29 minutes agoThe data processing of Roland Garros 2012 (#RG12) rests on IBM Private Cloud http://t.co/JUaY1ItM [French Press release]
  
• about 2 hours agoIBM Accelerates Business from Supply to Demand with New #Cloud Offerings For Smarter Commerce http://t.co/OFxknOb0 [Press Release]
  
• about 3 hours agoHow IBM #SmartCloud Foundation technology powers cloud adoption? IBM VP @SLHebner explains here http://t.co/sSzfa0O5 [VIDEO]
  
• about 4 hours agoIBM's Fiona Cullen will present ‘The Power of #Cloud: Driving Business Model’ On May 24 @ Utrecht, Netherlands #cloudforum2012 #ibmcloud
  
• about 5 hours agoBlog Post: Why service providers should not ignore cloud http://t.co/ZfQyue4r via @eMarcusNet #thoughtsoncloud
  
• about 6 hours agoHave any #cloudmoment? Share your story with us via Twitter, Instagram, YouTube, Facebook and tag it. See other stories http://t.co/J4ntsaQ5
  
• about 7 hours agoSign up now for IBM #SmartCloud Enterprise! No charge for select VMs (only till May 28). More Details >> http://t.co/2LEzOUZC #ibmcloud
  
• about 7 hours agoRT @HansMoen: See this video from @IBMCloud to learn how to cut costs in building innovation in your business http://t.co/XOyJoFn6 #clou ...
  
< PrevNext >

JOIN US

Like us on Facebook Follow us on Twitter Get the Smarter Tech Newsletter Register to view the archived "Data Center Optimization Techniques: Stop Wasting Time & Money" eSeminar Register Now >

Connect with the The Future of IT Architecture blog