Smart Phones Remain Vulnerable

By Matt Hines  |  Posted 2006-04-04 Print this article Print

The research also pointed to some regional disparity in terms of companies existing efforts around increasing security for wireless devices. While 55 percent of Western European businesses said they have adopted security applications to protect mobile data, only 44 percent of respondents in Asia-Pacific, and just 36 percent in North America, said they have done similar work.
The threat of adopting new, more powerful handhelds with PC-like capabilities, known as smart phones, is also troubling customers, said Symantec.
Only 26 percent of the firms involved in the survey said they have already begun assessing security risks related to such devices. According to Symantecs latest Internet Security Threat Report, published in March, there has been a significant increase in the number of malicious programs written to target mobile devices, particularly smart phones, over the last year. Click here to read about Symantecs new bid to secure instant messaging. Smart phones in particular are becoming an attractive objective for malware writers as the devices tend to hold corporate data. These include Cardtrp, which the company identifies as the first cross-platform threat aimed at both the Symbian and Windows mobile device operating systems, and Pbstealer, a file that cloaks itself as a phone book utility for smart phones to lure users to download and execute it. These viruses typically infiltrate a devices phone book and calendar settings and cause phones with Bluetooth connectivity to broadcast the data publicly, Symantec reported. "Smart phones, if left unsecured, will emerge as the weakest link in enterprise security strategy," said Miller. "People are familiar with the threats against business PCs and laptops, but they admit theyre not even thinking about smart phones. Based on the type of data these devices hold, that neglect is a trapdoor to the underbelly of an enterprise."

Some security industry watchers remain unconvinced that enterprises need to shift as much attention to wireless security in the near term. Graham Cluley, senior technology consultant with anti-virus specialists Sophos, said that while companies should consider the future implications of mobile threats, there is not enough evidence of activity in the space to cause serious concern today. Companies are still struggling to fight PC-borne viruses, with which they are bombarded on daily basis, he said.

"At the moment there are only a handful of mobile phone viruses; theyre not spreading in high numbers and they are very rarely encountered, whereas every day there are scores of Windows attacks, roughly two thousand of them in 2005 alone," said Cluley. "If you want to focus on where the real battle is happening today, its on the desktop; thats not to say that in the future there wont be more mobile threats, but we feel that companies should have more focus on current issues." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel