Work and Life in the Mobile Society/Security/Threats
In the corporate world’s quest to grant employees greater mobility and freedom, while increasing productivity, mobile devices have become the technological solution. Within businesses, technology not only plays a supportive role, but is also a necessity for business growth. Recently, the development of wireless mobile communication helps businesses to reach new clients and establish new mobile bases (8). The exponential growth of mobile phones and their application in the business setting is mainly due to the rapid technological revolution that has taken place in the past decade from simple cell phones to smart phones with capabilities matching computers. The first quarter of 2008 alone showed an 11.6% growth in the mobile phone industry (1). Mobile phones provide flexibility and convenience, along with increased productivity and efficiency. However, these benefits have come at the cost of a rise in cyber crimes. Hackers are attracted to popular technology as it allows them to victimize large networks, in a shorter period.
Today’s mobile phones, if not secured properly, are a gateway to sensitive information. “Mobile malware” is a relatively new anomaly; the first mobile device virus, the Cabir virus, was released in June 2004 (4). Although mobile malware has been somewhat unsuccessful, it is still in its early stages. Many experts note that attacks will become more frequent and malignant following a PC based trend as smart phones become mainstream (5). The virulent capabilities of mobile malware were displayed in a recent (February 2008) Trojan called WinCE/InfoJack that was packed into regular files (e.g.: Google maps). Once the Trojan downloads, it disables all other security measures on the device and sends information from the device to a database (7). In general, the widespread use of mobile devices in both business and private settings makes it a valuable target because it has the potential to cause severe damage relatively quickly. A recent study by McAfee, a provider of IT security solutions, noted that 83% of 200 mobile operators surveyed worldwide said that viruses had previously infected their networks (3). Clearly, cybercriminals are willing to directly attack service providers in order to access mobile devices.
Theft of InformationEdit
Mobile devices may compromise the security of a corporation, particularly due to the various pathways they provide cybercriminals to intrude. Firstly, mobile devices are at risk of being easily misplaced, stolen, or carelessly disposed. For example, a former VP of Morgan Stanley sold his personal blackberry that he used for his work on eBay for about $15. However, he did not realize that it contained a sea of information on clients as well as phone numbers of top executives. Often even resetting a device to factory settings does not erase all information on it, as it may retain binary data, which is retrievable by experienced hackers.
Mobile devices have created a predicament for the IT department, as there are no boundaries defining the use of a mobile device between personal and business use. Often employees use personal smart phones for company use and vice versa. Since most of the devices do not usually come equipped with antivirus and anti-spam software, the devices are at a risk of being exposed to viruses swarming the web when employees access personal email and browse the internet (3). Mobile devices often connect to various networks outside the protected corporate network, thus increasing the likelihood of information being intercepted and the subsequent infection (5). Once the mobile device is infected, the whole company network is compromised because the employee is authorized to access the intranet (private network protected with firewall), thereby providing a pathway for the virus.
Viruses can be transmitted by various means as shown in Fig 1; amongst these means is the Bluetooth channel. Most, if not all smart phones are equipped with Bluetooth technology, which allows for data transmission to other Bluetooth enabled devices within 10-20 meters (4). Therefore, Bluetooth not only allows for transmission of malware but also gives rise to the opportunity of intercepting confidential information (5). Moreover, other viruses known as mobile messaging malware have used Short Message Service (SMS) or Multimedia Messaging Service (MMS) technologies to spread. Once a device is infected viruses can automatically transfect by sending SMS or MMS to contacts. For example, the Mabir virus, which affects Symbian OS 7.0s, sends itself to other devices via MMS (5). In the business world, this may result in a tarnished reputation amongst business associates.
Steps to SecureEdit
The innovation of mobile devices has had both a positive and negative impact. Although, they increase productivity and efficiency, they create a major liability if businesses do not handle them cautiously. Any compromise to sensitive data is of significant cost to an institute in terms of “legal liabilities, brand damage, diminished customer confidence, and financial loss” (5). Therefore, it is of utmost importance for businesses to protect themselves. The first step is to insure that all mobile devices have some sort of authentication such as a password that is locked in with a “data wipe” feature (6). Second, sensitive data encryption will provide protection during data transmission (5). Thirdly, businesses can implement other “on device security” such as antivirus and anti-spam softwares. Finally, businesses can better protect themselves by providing user training on how to use open networks and regulating what type of information is stored on mobile devices (5).
Businesses need to strike a balance between retaining the increased productivity and efficiency of mobile devices and protecting important data (5). Although, malware for mobile devices has not become a major problem yet, it is highly likely that it will follow an example set by the malware evolution on PCs, an initial testing phase in the early 1990s followed by upscale attacks. Cybercriminals are working relentlessly to disrupt businesses via mobile devices. Published proof-of-concept malware, which is malware that expert programmers write to show vulnerabilities in devices, have resulted in multiple offspring variants, as criminals have modified the published codes to make them “better” (5). Therefore, businesses should realize that mobile devices do not come without an antagonistic side. They are prone to virus and security threats and therefore an IT security solution must be in place to adequately deal with such occurrences.
- “Mobile industry growth slowing to single digits.” Electronista. 2005 http://www.electronista.com/articles/08/01/25/mobile.growth.slowing/ Accessed October 26, 2008.
- “Press Release Symbian OS v9.5.” Symbian. 2007. http://www.symbian.com/news/pr/2007/pr20078925.html. Accessed October 26, 2008
- “Mobile devices expose networks to security threats.” Computerworld Software. 2007.  Accessed October 27, 2008
- Shevchenko, Alisa “An Overview of Mobile Device Security.” Viruslist. 2005. http://www.viruslist.com/en/analysis?pubid=170773606 Accessed October 28, 2008.
- “Security for Mobile Devices: Protecting and Preserving Productivity.” Trend Micro. 2005. . Accessed October 29, 2008
- Shinder, Deb. “Security in the Mobile Device Era.” Windows Security. 2008. http://www.windowsecurity.com/articles/Security-Mobile-Device-Era.html Accessed October 28, 2008
- Piazza, Peter. “Malware Attacks Target Mobile Devices.” Enterprise Security Today. 2008. http://www.enterprise-security-today.com/story.xhtml?story_id=58646 Accessed October 29, 2008
- “Influence of Mobile Technology in Business Growth.” Arimaan Global Consulting. 2008 . Accessed October 31, 2008