Mobile & Wireless - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Mobile & Wireless


Security Threat Looms as Wireless Blooms



 By: Matt Hines
2005-11-16
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Mobile & Wireless story.


Rate This Article:
Poor Best
News Analysis: As consumers and businesses adopt increasing numbers of wireless devices and begin accessing more powerful applications available from mobile operators, experts contend that security issues related to the technologies will proliferat

As the desktop once said to the cell phone, "Dont do anything that I wouldnt do."

According to a group of panelists gathered Wednesday for the Ziff Davis Wireless Solutions Virtual Tradeshow 2005, as mobile devices become more widely used and take on increasingly sophisticated applications, they will likely be faced with the same raft of security threats that have plagued their PC brethren.

From corporate workers who unknowingly expose their companies to attacks by accessing unprotected wireless networks, to consumers that broadcast their location and device information via Bluetooth-capable phones, the industry experts agreed that the battle against mobile threats is only beginning.

Todd Thiemann, director of device security marketing for software maker Trend Micro Inc., said that the growing list of content services and business applications moving onto mobile devices will encourage hackers currently writing malicious code for PCs to cook up wireless attacks.

"To date, when you go out with a mobile device over a mobile operator network, youre generally using slow data speeds and consequently you dont see a lot of file downloads," Thiemann said. "But things are going to take off and get into higher data speeds, and there will be a lot more people downloading. What that means is that it will be a lot easier for people to install malware, viruses and trojans in the same ways that weve seen on a PC, and it will happen a lot more frequently."

Thiemann said that the increase in developers creating programs for wireless handhelds will also trigger a jump in the volume and complexity of potential threats. For instance, Microsoft Corp. claims that over 640,000 software coders are working on applications for the companys Windows Mobile operating system, while an estimated 417,000 people are developing tools for Palm Inc.s mobile OS. Another 2 million are estimated to be building software for devices running the Symbian OS.

Resource Library:

As each of those platforms grows in size and sophistication, said Thiemann, so will the attacks crafted to target them individually. In addition, as with Microsofts Windows OS for the desktop computer, whichever software system wins the biggest share of the market will draw the most attention from hackers.

"Today, its more probable that attacks will come on (Symbian) or Windows Mobile platforms than a Palm OS platform," said Thiemann. "Palm also announced that its next generation Treo (handheld) will use Windows Mobile, so you see (threats) coalescing around those operating systems."

Click here to read about Nokias plan to buy Intellisync, which markets enterprise-scale wireless e-mail and mobile messaging services.

In the world of business, experts said, the mobile threat is rapidly becoming a serious headache for IT administrators. Unlike the lessons people have learned about using their company-owned computers more carefully, many business workers continue to take significant risks with their mobiles.

Brian Babineau, analyst with Enterprise Strategy Group, said that companies must begin treating mobile devices just as they treat other forms of computers, enforcing stricter wireless access guidelines and educating employees on the inherent risks of using handheld business applications.

"We dont just have laptops anymore, we have PDAs and iPods, and all of these devices, including cell phones, have memory or will soon," said Babineau. "The unfortunate news is that were starting to see that as employees and their devices move further away from centralized IT resources, it gets a lot harder to protect them."

Some of the pain points that may allow for mobile attacks are the same technologies that other experts have labeled as the leading catalysts for growth of the industry, including Bluetooth communications systems and even the many variations of the 802.11 wireless technology standard.

Bluetooth, which is already widely available in a number of cell phones, PDAs and laptops, is gaining a reputation as a weak point in some of the devices. Based on the location-oriented aspects of the technology, Bluetooth-capable machines not only carry the ability to download different types of applications but also transmit unique identification information. That data could conceivably be used to attack individual devices.

With 802.11, or Wi-Fi technologies, users can be threatened by publicly available hot spots such as the ones offered at Starbucks coffee shops. The panelists said that wireless access points that fail to use encryption, or lack authentication controls at the management level of their software, could make it easy for hackers to spoof devices Internet Protocol addresses.

"Previously Bluetooth was overlooked because any attacker would need to be close to their target to carry something out, but its been shown that Bluetooth attacks can now be carried out over a mile away from a target with use of a highly directional antenna," said Andrew Lockhart, security analyst with Network Chemistry. "With 802.11, customers will often connect to whatever (network) they see with the highest signal strengths when preferred networks arent available. Thats a big mistake."

Another threat worth noting is the possibility of having a wireless device physically stolen, along with all the personal data, passwords and network access information that users have stored on their machines, observed the analyst.

Despite the potential landslide of security implications, the experts agreed that many of the loopholes they cited can be largely avoided by maintaining vigilant device usage practices.

A California city gives Google a lease for a Wi-Fi network. Click here to read more.

For Bluetooth, the security specialists recommend disabling the capability entirely when it is not in use, turning off device identification functions, and creating longer pin codes for network and applications passwords. People who dont plan to use Bluetooth at all may want to avoid devices that carry the function, the panel recommended.

With Wi-Fi, the experts said that users should only connect to trusted networks, use a virtual private network when available, and use the onboard security tools built into more sophisticated devices such as laptop computers or smart phones.

Business users and IT departments managing wireless devices should enforce the same rules they have in place for other computing systems, such as prioritizing data backup, establishing standards for recovery times, and choosing products and services that dont hold the potential to create unecessary problems.

There are also a slew of new technologies aimed at helping companies remain more vigilant, including software that continuously backs up device data to central IT systems, and applications that automatically synchronize data from PDAs and smart phones onto laptop or desktop computers.

"Theres not really a whole lot to protecting against attacks on mobile devices, it just requires a bit of common sense," Lockhart said. "Treat devices that use (wireless technologies) like you would any other device that connects to the Internet."

Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.



  Reader Comments: Security Threat Looms as Wireless Blooms
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Mobile & Wireless Articles          >>> More By Matt Hines
 


xr80VӮcV%-JӶT婎HHb"9$K|Nܗx3pBK^=+W-`HD"?H9wur56%sE}"Iͽc(p(IFA)v@{iFuۚ:A&pTwd>J`OS{SM5?X) |/[s}JFԚ7\3ĝb^Q$Ё_MMJGDERzGGEQݓ-Dm:O\'w*GUnspSa_ʞy5EdBԤ#|xB'gxdY (ƻfՉziZgGdl vu H `lN$+A<ЌaS?CRp`eFW+7<mߧ,|y"b4rݢQs>N+&o#> ef"`Q%M '| 8Jn.r? [Z&gǨfm՜YWc>2#-+}י6:N .A?]t8^%glh|X.B2iK1QW5MGV=LLG_@r /*r[h 32ud8İ1n҉âx?/( tsϽc|>7ƺ㤞F!|emxqZ.OV34!!&- 'p'bdx }c 04LH"AЂMtT:n]`2Z9ܹ ([ hk= `DykwMXb (զAp{Tg,zC_ {k6G~[>l0 zQA\QoDm2)%%E24.'H(AH 9[h ]99y0#!bRN[ TݞH:wHT+esMX)gQY,p[/)Pf%5{~4 cbB|#'&Xr`Y \d+|i)lc l[6؛ri:|:ioBg2 08Bdp=YXIZ&)C IK,tt?;\ύ!7!q"-%`|fX4К =QA\^XP[Im)tsn9`YƌWjP~A-Q;luV<ۢf|A8 w k2FE'6`FTTMZAZzI۶h T&]\qαqB&k:H(Y3b-ysDrm ֌M'WQֹ{z)5_͸T3Q2-C+9Eۋ)i sX-8E4W-eSZqlzQn^ӛAr _֥P+@yc l+/,;7kc:*+_iiHH*E6@\Z3-c %>!1Ada:(fu#Ԛa;C+%UV̠LX:^^Ma+ L 24 0p"w`bB0\`NSy6rAzL] Si>JeכA6g ;BSjj3Ä烄7@ƅ/Љk`{::P[0,Y^W꺰/Z\՚L|v P[Qz{=8`Tfla8lX&uowj19SQ_(%UMPF[d"vd\6˰@eִ &;qm۽G z4<(yR+r!9 g֘I8U1'N\ ԕ'Q/"~lLa+ 5!70Mc LK3:>Ԧ4Q ( Mքk&.L:㼝 XA \@/ qPHWkX ±tбթ6=,Jt a"! }:>nssQ*r7+ )T|;Ofz^*k 6DZUUR;.Z {}|8=ehLQ8r'}y _+z3aqn,2G/}UGқѰL}6݁ {.,|pZEYO`s!AZNҎ@'OeCRIcY6i` :2 )& t0Ș%=WlTjo1՟m$R*m[CĮ01^*==@7_)-ʶ~k˦׆gayϤ͋h |9{mvfFLks0Rj(Y|;` vfȵ u6N1L M'\մJj/Y` s*? .}l3PYi_3󓫻玾~XApA H'}7 On~Uc{6~ziM0b`{7=;'[4OQ5rRd2}6PC*lZ>ǐlb_…^OR9L9n7=RJ =cxYeugc5NZ9"*#z)ϣDʂYe/Q Umq'.҂^8ỨbRvQLv'MU"[qdy lSrV/Ѓ`Ic#g+Ȋ@G?F^n!ɕ:0!Ie\TS*.?uTjjEIz,pH.i7xџ1YD+++0,7=kp9 2j=uR=,fKܦ@vܖ[J,]! Ba u( =(tםzZx\[v ˽'jH@KY|Pq#ZP@iuI+KZ̡2e{SV$ \EI's3ҿn BDoSwgtsć) RcZִ2Hw ضVU %D.,ӄ1Zr~VS"YK@rvzJ5+ ePext|{W !&c oR9 "o$DDOCVi&gX&J*1ǟM1Ή{?NM" }MQUv٩b cy&m!@ޏw)ilJg#<d^=G #Awx렘ɧNa&`W4.Ї_nXז~t1}L@IP 4"5?&!&}̿{5V};lѳ0 `yBz+'!\>v{Kߧ?wLλuoؿ<rLpBjw?XG}9=ﴮOM1&03hĂ@⑩!g`ziB*XKݹĂqK՜4"z ON3"nPU88ьmjkos}eXL/oH:|X1bXH\T dD;Ieޞ,6<5ޥ]晿BǝƗHȣ ,Ν-WI+JD$/CiA0 HR#E[dqdP>Xki)i[UH+?vƇ%!\8a=!l Qڕ#=aMbc cE˙)vR6x}y9b1݁ne)ܱr0jw;操~{Oj9ЛsL٩Eݘtvh='&s9 =cGm:{ @@GP$"B[•𣉣S㻞Xa +0q)ym<4ݹn98iI?$a犴z_@ W$ V FP ߽?&qw>P]Yz$AC~kM}\0?y1v7rO0w)i{}pҶ2CWqk:Y+@^|*$$EUՊZƶrVU3$R؋O'G'3~`qx-:?&\%3ތՏK^dΠtp 7{!F.`4s1T x`o~ϸW*]c*7ﰧ}VZtCqB)nVx/)&%ΓeL @OKtG]_BQ{O{[#60N Ԧw13~ OO=rc']]A FU h CzW`[ʅRH3#@*yd\][w5&P)<A~A< v4)[+xJF}ia;⫆–~@F' FYOX W+O*[QVD3=9d: ;F$/?&wD[F27_ b]U,9X<֥/KD =S=aa{KWGcVўKy!` C&b. ҹ07%;>_@U'ey`~X20C&Vx<1;UGlT FhaNMA({A3|6,XTXmXMe"VCzg`1]GK.2@]g dG- @&N(}d JO(aBlAW7AgfM!r嵐Bb5=&exw:-"S^>vc" Sb kގǒmySgig5[ZR1bh}tڳRnjl+{v=@'EMzw%C*Yfc'6bo3:</Pw_wպT[J}wb9%/Ռ(7#fD+we{-5d]`%Rd4ʭ!|JCQؑn̋wB}Ab7uTkJ=bO1SG> CCg'&S:IA_J 2̥)Yi>;[7a肤Z>wCk@ LK.ǷvZ@B}w׉ߕJVUsUg:v8 #YR-V"F_ob_g~{wےmVEN)I)=`H*nEq?TT'bFF4BFS%³\-*K}xPBhj 'Hd\~M{sҺX3Qzih9"JPzJ #TP9L8T" .87+oAOEJ/&MV^&-sNLK}SDs9^ e.]DZS50\7V@R `ejb 6ah>'dX}MѨ*XJ׳ }R8n&AzR1}2 @]UJC.e>Wp1~H0߬t|&"=/ͧҬmKᥝ hpmlpBYq7?7?7?7?++JU}=M;3:2{(AzWZT^ҷPݢwGD?"hE%HUϠi;6"D섀.Wbw{n#]O w/=J+%euȌi qԦ, 5@xGlD-Dh ؊Z uw65Odlڽ /lK-v-nF}*E驥 x!< XdF8X"pQ>Kgؒ_ }սze\,o뚲MZby_}ä1o36k9v`[Z}J!P%u܉Կs,oDAn@x_x/bg133Д1|[Rثzp|w Em{aòb%Ajar _o'7,]E@4ܺꖄP{]Q’2kr֡m$$u:@  covAC";ysʛ<ߥ]^qI| o֡@k:kYk:>LoO/Qc$ě䛖MOF&-'ͼX淐>;`Åۋ}c7! ҺY1$d 0ՍLE}7э%!CC}&bmvX !٩,fFR  Z1ߦLm_mLp(H^uσ dUokoȊ>t%'R rwjr,Nۺ B؆_e ƗY'6ȋZIHgsS8wHX3,-ida[,BVG z@{I|`u1uW)8eSOe}ׂ^_VBħ%Y d^m/ IO:,x{8S[xv1*E1X0?+;ˋs]ic]ظol`J tq&wo(7~X[q)]dE;{UǗlR" I717^GcKiL/:cG₆  3,K?c"_{ G)7C;L? oSu&n[{]KL= ? KB)`G%~/`q;{uN٧Tc?A&oGD_~x=U H:@ VٍJ,`70}'bbaU1 ʑmOG]x{XMOV#ԏ_K^b,l^̐5|55 =d6e <XR]?\ۦ{kD_n|aQk"]YPVô%'M]ELa!-(-Ȯ~aIz}m&{Lj$|:OI}MMm&θ 0kQ0+&lZO'q/5+#ۏAE&Ljww$p#(,oqn =JZA5Rhs´5̈Gbv ]mz^CfJ;7]F5S.W@O[fkhPbͪT2hlͺ ةRcT-*<);,3˿=޵N %?AtkeLfƗQµSI*d SDޥE"#m'Z~RQ!q5dԴzYy>c k*0XeeZ{cqȝGF^hRyG2]3Ra*:&3'֜eO}K;RJP`o3ɿo(ca-  <z9}Z2֛krzt2! y(1C ^aw ᷭ kbt60ۉpd6íT2ýZ<HHZ7?qbSafb+KNL.^ah+ZK<+. b1q: @'K?/@"x԰tT>#RV̯mЇq>UMXޮ;ČVS\>fFkYAbF|1E#]$ %[ rU%wޠ~z*ޟOe~n3nZ]GКZGt$"J w ݲY*EJ/c?So@  '):]Бܟߕj@*IgO.8|||m@)"6 ?LJi sF@YfG P56w E:mvX()C{Nzyg8\ *1K.P^[HPu..a}i0~;zCRO⺢t@xL"aK\v3кb冸~m#k^Kʑ22ѹ7PfETw{9'0ឩU1,3-kDM(qik8ǸK=w+Djc _.JgUE d37  cn J͍$ԇ: ;%̜3,0 uA"\2, w3ܕksnr[VI6pRt=:rtԨ)ʁ*|{c@u< 32S¤vtz\/?>').yDci 8^iN4xXژ"oX12 =<RXX_1[5=L꺂OGJ 2,S=VJ*͂GwyăfU3{8~ROSr%+ %uV0`A i2ag4t\K- -C? &a@}lF(LwnF`9EZ!'ӫyFa[kM|폺SwN˯g^g2f&SE`9"eI^ũ6u\ «XsxYx鎾(bh,.6WÓ0?E_Cĸҫce؂W?z [Ug0r ïxu3_-fP`-ǭoj5V0.8SAs:$^ЌLjV}QuxS S+S~WO[@>sʑ҇ۀv'O7~r1?C基nsʡݜ)wsˠeSʿn.?9A5/r3 { E~.`9ȡ ϋD匿ʿO9_@EN9o/g~{?r# _92>.˜ys??oC@?6C__K^9Kʯʁ~sڿi:ҺNrru S)JyC/*ȋkOy射By<*PC/ns s{xvY^][\;YoG췡\ţu>Tk6:7tq3[ #Èà8 zY8#lU~LUu>l}찇b(O6Tq25R u8i${ VH&Y$'(BcعvЍ5zĥoQF {4N͑a[> o1eM+5VkZpWrH&W3 = O1}Q5YUdN*jURL3DAyg l];&H̽ZCO2CX)&ḃ̹n-G R }:nwl T| y3Ky"oTS;75@9$ Lo 8Xj-/"2g11+<-]#+x@jv1Bbn1ruʿz6iį̲4ǝa&rV2oA8vh-x qnaSx uI<X! =s3! {6/=Txl "esCPF\X M؂1&PSB[Wy)lll3${ 'V >vQpQn5t9?ףrmV<Ap[c2 Aj.j`̃`wƸB[c{It͘;S>Q hkЁxNY|1kHNl7gBoaXkt$J7BgQb]rwZf$W"Br0193'O=ሇ8 CQ=;z|F,&^ݨ3K~]xR Hn<)<;:_qxbj'`O8xY0qt,_L)8裸F)n?ibr]6M b ه%?1疳g xNl''4WB):3Uh6 iV~$h]45sJފjd&_TUA%#!7sȾ&Hz }a|l'>EыpOaHyB'Xϑt,E.qzF߭U53௛B=O=<6pΖlOMozcw[/I)H(\dzd;nB8L-~m"@ăw!$`<>,"$ϷRΜLT zZO} n,8^ {ioG}k_VcńK :F1HyU_@"&`ɕX)tmǧ|oW|A,Kl`yB`t0'L:>A{g;*ع ˜3L1Д8v2#OA3r ~XnG\<`i$x'&Yձ=wO 7g}L4^֦Ju AY?_v{[=/`(ZF#$c ӭ兤<P߀ac.vQ%eNܜMF.D]hT4%*ʢ377M '^kgoyc? |ڕa=q3acΜ67 U =[?܋;}\m91V`=s묟R6ȴ{ ;aqzIW{{Q0&iEȓl`Cv_)~ph;?ƒYA wVǰ?|BO RO80Ux|-h\}[xtmx0#Ÿrz,ɀaU¤Bd'KWˮM6Wxyc|[D$5bha2(/z0 BL萻kÔpaI#s{ ;߂ ixv4<@Tf_E@F7fYUĄBZJGnrmmS{JhiF"5cP!X$]-n/B@w: εxC/Y@~1  <99/@틫$ASP_X1X]< :L+ + Sq0~=\WXY7ZG<|;X٧qƠk'O(Uƥ*ix޿J֍^z:Us-Emӿjw T>Vnw{񪞽T7w r̳ś|'`bhPlyPVKŽFvݶ36HZ\֓C\/muǍo=i)l٦dU4s_jjNJ6 }TarĬ?,qg;e¦[HXFWIkkjTww.