Tom Olzak

Good luck with mobile malware defense

In Encryption, Mobile Device Security, Smartphones, Windows Mobile on July 21, 2009 at 09:21

Looking for softer targets, black hats are stepping up their efforts to take over your smartphones and wireless PDAs.  It was only a matter of time before these devices, once falling below the radar of financially motivated cybercriminals, began to look like softer targets than increasingly hardened enterprise networks.  So what can we do about it? 

In a paper published in March of 2005, I wrote about the potential for mobile device compromise.  However, the risk of anything other than Microsoft Mobile infections was very small at the time.  Even so, Microsoft Mobile devices didn’t carry much more risk than their Symbian-based cousins.  But now things have changed.  Smartphones which use Symbian OS—the vast majority—are facing a very real risk of becoming part of a “mobile botnet.”

A new worm known as Sexy View/Sexy Space, once installed on a phone, communicates back to a controlling server.  Connection to the server allows a black hat to communicate commands to one or more infected devices.  This is the basic requirement for a botnet.  Now your users’ cell phones, too, can eventually participate in the same botnets as their PCs.

Protection for cell phones has lagged far behind solutions created for laptops and desktops.  What this means is there are almost no solutions for enterprise anti-malware protection—defined as a solution which uses a central console to configure, monitor, and ensure up-to-date protection across all mobile devices.  However, there some things you can do to protect your organization’s smartphones and sensitive data residing on them.

  1. Choose devices which can be configured to only allow download and installation of software verified as safe.  Apple’s and RIM’s online stored for the iPhone and Blackberry devices, respectively, are good examples.  But this isn’t a knock-out punch for mobile malware, as Symbian discovered with Sexy View and Sexy Space.  The purveyors of this new malware actually got the software approved by the Symbian online store.
  2. Anti-malware for mobile devices has been available for some time.  McAfee has primarily focused on Windows Mobile devices, but is moving into the Blackberry space.  Kaspersky has a very robust solution for phones running Symbian 9.1, 9.2, and 9.3.  Most business class solutions cost around $30 per year per device and are updated by direct connection to the AV software vendor.  (Free products are available for personal use.)  Products usually include a firewall and often provide data encryption capabilities.

Security vendors are making progress, but until a true enterprise solution is available, security management of hundreds or thousands of handheld devices is very difficult.  We can always use policy (e.g., Blackberry Enterprise Server) to deny the download and installation of all third party apps.  However, this won’t be a long-term answer as tech-savvy users at all levels—including executive management—startto push back hard when these types of policies are rolled out.


%d bloggers like this: