Editor’s Note: This post is part of the Forward Thinking series, which features expert opinions on the top security trends of 2011. Today’s post features Daniel Keelan, principal at E and T services.
Vulnerability of Mobile Apps
These applications are not immune from Trojans. There are cases cited in which outbound calls have been forced from iPhones. Other mobile devices have been turned into listening devices by exploiting the GSM code. The listening device scenario is even more disconcerting, as the GPS feature of smartphones can allow a specific user to be pinpointed.
Google had a vulnerability in 2010 that allowed a hacker to access an Android’s Web browser. This could potentially lead to access to browser history, transaction history, and even to credentialed information. Android has been shown to have cross-site scripting vulnerabilities that inject code, allowing a hacker to bypass access controls on a Web site.
How will these vulnerabilities take shape in 2011?
One of the most common ways that vulnerabilities occur (and will continue to occur) on mobile devices is through theft or physical loss. The threat from losing your mobile device is no different than the threat associated with losing a laptop or having one stolen. As smartphones and tablets increase in popularity, and in their memory capacity, there will be even more data “out there” to mine. For instance, in 2011 more and more people walking along with their mobile devices will be accessing e-mails, contacts, documents, and spreadsheets that are downloaded and stored on their devices.
Mobile Apps Masquerading as Legitimate Apps
Here’s one you’ll hear more about this year. The smartphone user community is made up of the same people who like to download interesting applications to their PCs and devices and inadvertently end up introducing malware onto these machines.
However, consumers are increasingly accessing corporate networks from their PCs and mobile devices. So, enterprise network managers should pay increasing attention to the applications being downloaded on mobile devices. Apple lists several vulnerabilities that have been discovered at http://support.apple.com/kb/HT1318
In 2011, companies that deploy smartphones and tablets need to take further steps to control these devices in the same manner they control the desktops inside their enterprise network. For example, it’s a good idea for enterprise network managers to allow only company-issued smartphones and tablets. Also, to prevent malware and Trojans, enterprise network managers should lock out any download capabilities of these devices.
Daniel Keelan can be reached at email@example.com.