Top Security News |
IT Managers Stressed By Employees
IT managers are more worried about end users creating a problem for their IT Systems than about attacks from hackers, according to the, "2007 State of Security...
Google's Checklist Of Helpful Webmaster Security Tips
The official Webmaster blog has a helpful post has a list of Quick security checklist for webmasters. "Check your server configuration. Apache has some security...
Ajax Security Features In ColdFusion 8
There are some interesting new features in ColdFusion 8 related to security that I thought I'd share. I just discovered them myself (I'm writing one of the the Ajax chapters for CFWACK) and I thought I'd share.
Maiffret Talks REM, Apple, And Black Hat
eEye CTO Marc Maiffret chatted with SecurityProNews ahead of his firm's release of their hardware
appliance for managing security and asset vulnerability...
|
|
|
11.21.07
Smartphone Security Concerns Slowly
Arriving
 By
David Utter
A rise in threats to smartphones, as their capabilities have approached those of a typical laptop computer, looks like a credible problem in the future of mobile platforms.
The potential of smartphones allows people to carry the various applications normally requiring a laptop in their pockets. Web browsing, VPN connections to corporate networks, email, and of course phone calls make up part of what a well-crafted smartphone enables for its owners.
Even a typical five-pound notebook machine is no match for the few ounces a smartphone weighs. Millions of people carry cellphones, with smartphones gaining more and more favor. It may be too much for criminals to ignore.
Experts at security software firms like Symantec anticipate this will happen. They want to be in the vanguard of vendors meeting that smartphone threat head-on.
Our interview with Khoi Nguyen of Symantec touched on the topic of snoopware. That malicious software can remotely activate features in a smartphone. Imagine if one's ubiquitous smartphone could be remotely activated by someone, and used to listen in on conversations taking place in a private meeting.
Or for camera phones, a remote control enabling someone to see what the camera sees, wherever it happens to be, would be a highly unwanted privacy violator.
People also use smartphones to perform financial transactions, like online banking. Just as they threaten PCs, Nguyen noted, these attacks will likely be paralleled on the cellphone platform.
Nguyen talked about seeing a rise in "pranking" where a criminal sends text or voice messages to phones. These messages ask the recipient to reply with a credit card number to cancel a service they allegedly signed up to at some point.
Some mobile Trojans advertise themselves as web browsers. But when added to the smart phone, they start sending premium SMS messages. These have been vexing to mobile operators, said Nguyen, as they end up on the hook for those costs when consumers dispute the charges.
Compared to PCs, where some attacks have grabbed attention in the mainstream media, people may have less awareness that similar threats can drop in on a smartphone.
Nguyen said that a smartphone solution in the works at Symantec would help against the SMS/MMS threats that come from pranking, by giving the phone owner the ability to whitelist friendly texters and blacklist the unknown scammers as desired.
Another big threat, phishing, won't have a countermeasure available right away. It's still up to the individual to judge and discard these, but Nguyen anticipated that Symantec would have an anti-phishing product available before other vendors in the future.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
|
