Smartphone Security

Security Issues in Smartphone Markets

Are you buzzing about the new Verizon Blackberry Storm or the T Mobile G1? They are the new crave and everyone wants one right? What these owners many not know are the security risks that surround the raving technology. Most of the unawareness starts at companies and customers not placing more significance on security as smartphones get smarter. Although a smartphone may not be at greater risk than a PC, some security issues and risks are still present with PDA's and smartphones.

In the United Kingdom, a whooping 800,000 people were the victim of mobile phone theft in 2006. Even though 90 percent of these phones deactivated within 48 hours, what happened to the other 10% of users that lost data to the crime. Smartphones are linked to the corporate network and are as vital as a laptop on the company network. Also, you cannot stop your employees from having accidents by underestimating these devices.

Mobile phone operators can stop SIM cards and stop expensive calls from being made. However, a smartphone differs from regular mobile phones. Executives carry all kinds of information on the device, from confidential announcements, to financial results and business in progress. If any of these were ever lost, it could result in the lost of business and trust within company IT infrastructures.

It is important to recognize the dangers before permitting a full mobile device network within the company. When sending emails, texts, and using smartphone applications may seem harmless, however your phone could be very vulnerable to hijacker attacks. We will explore some security issues that surround some of the primary smartphones leading the markets today and address how to mitigate users' risk of being attacked.

Some of the issues that smartphones are having problems with securing encryption keys that can unlock cell phone holders' private information. Digital signatures are also being compromised through man in the middle and proxy attacks. While these may not seem to affect every user, surely the danger of having your password captured due to spyware may catch your attention. On the other hand, many Symbian Operating System security flaws that smartphones use to operate have proven to be the source of some application hijacks.

Since smartphones such as Blackberry do not require an application code signature, network access is permitted attackers access to owners' applications. This could cause third parties to send messages, edit, delete, and add contracts and PIM (Product Information Management) data, read and call phone numbers. Simple functions such as sending and receiving SMS (short message service) text messages can be intercepted by another application that could cause outgoing text messages to be picked up by an expensive application. This causes confusion to the smartphone owner who is oblivious that his or her messages have been negotiated leaving the customer to pay the bill. A problem for businessmen and/or businesswomen smartphone owners is opening certain files from their smartphone application can contain this malicious code causing the data to be compromised. A hackers' claim that they can pay one hundred dollars for an API key that can open backdoor to Blackberry's RIM (Research in Motion) devices. If this is true than owners and companies have to worry about the data integrity of within application and software.

Some issues that are present are the talk about an API key that can be bought for one hundred dollars. It gives hackers the ability to allow unauthorized network access. Let's take the iPhone developers. They have yet to incorporate Microsoft Exchange or Lotus Notes. This makes it easy for an Internet provider to expose private data due to unsecured connections to servers. The current iPhone user must forward their e-mail to an Internet service provider, potentially exposing data.

Trust could be gained if communications were encrypted from start o finish and usage of a VPN. Some devices like Blackberry and Sidekicks argue that there devices are encrypted from start to finish, but that is one on a phone service aspect. With growth in mobile networks full encryption should be implemented on both phone and web network sectors. VPN's could mitigate the issues surrounding application data integrity. VPN's use SSL (Secure Socket Layers). A SSL provide security and data integrity for communications over TCP/IP networks and are used in wide-spread use in applications like web browsing, electronic mail, instant messaging and voice-over-IP (VoIP). With this connection a user can ensure that pictures, text messages, emails, and application data going out or coming in is kept private.

Do users think spying on your smartphone is impossible or hard? Of course, spying through social engineering risk, but what about if users have no idea that they are being watched? When connected to a PC, smartphones no authentication. They are USB devices that can give up all data that is stored in them. If accessed by the wrong hacker, he or she could install malware that can store all of user events and upload them onto an Excel sheet. Scary? The same is true with SMS text messaging. A hacker sends an SMS message to the user. When the message is opened it installs the spyware onto the smartphone. Now the hacker can read and access all of the user messages.

So far, there is not an anti-malware that could scan smartphone devices and alert users. They only defense is to educate smartphone users and teach best policies and how to notice signs of malicious activity occurring within a device. One example is not to install updates that look specious or are unexpected. Call the company's customer service if there is something detected.

So what about viruses, worms, and Trojans? Is a smartphone capable of contracting these? Of course, mobile web could be a great threat to their personal networks and company networks. It may not be a big issue now, but in the future one uninformed user/ employee could cause a disruption by cause an entire network to fail. Cabir was the first worm discovered in June 2004. By the end of the year, 11 new variants of Cabir were reported, and by February 2005 Cabir surfaced in the United States. Trojans horses were soon announced to be present in mobile devices, some going by the name of Mos, Skulls, and CommWarrior. This was an unforeseen issue that can guarantee a resume update if damaged is caused by naive employees!

To prevent this issue a company can do a couple of things, update and enforce security policy and install anti-virus software for smartphone strands of viruses. Before the problem because a disruption education employees of the security risks and the consequences if the newly

...