Experts: Mobile devices a growing target for criminals

Many IT departments face significant problems with smartphones and other mobile devices, security experts say

The best way to protect business information on smartphones from cybercriminals is to leave that information off smartphones, according to a mobile security expert.

Mobile security is still evolving, and smartphones are vulnerable to hackers and to social engineering schemes, said Andrew Hoog, chief investigative officer at viaForensics, a security vendor. Cybercriminals are starting to target smartphones, Hoog said at a cybersecurity summit in Washington, D.C., hosted by the Computing Technology Industry Association (CompTIA)

Mobile devices combine personal information and corporate information, Hoog said. "It becomes a much richer target."

ViaForensics recently completed a review of 100 popular mobile applications, Hoog said. Eighty-three percent of those apps either warranted a security warning from the company or failed the company's basic security tests, meaning they stored sensitive data insecurely, he said. The company gave warnings to apps that store app data in an unencrypted form.

Ten percent of the apps tested stored passwords in plain text, and 25 percent of the financial apps failed the company's tests, Hoog said.

"It is possible to build secure mobile apps," he said. "But when we're just scratching the surface, just looking for the most basic information, at this point in time, we're recovering enormous amounts of data on these devices."

Part of the problem for corporate IT departments is that employees are bringing in a wide variety of mobile devices to use in business settings, added Brian Contos, director of global security and risk management at McAfee

"Fundamentally, the problem with mobility is that the technocracy is over," Contos said. "It used to be that ... the IT people would say, "this is what we're going to run, this is how we're going to run it, these are the applications you're going to use.'"

Contos told the audience that he was at an organization in Bogota, Colombia recently. "They had all their auditors, all their IT folks, standing up there and telling their CIO why they shouldn't allow mobile devices on their network," he said. "They had charts, graphs, tables. After about an hour, they made their point, and the CIO stood up and simply said, 'But I love my iPad.'"

In addition, mobile app and OS developers want to make their products easy to use, added Allan Friedman, research director at the Center for Technology Innovation at the Brookings Institution. Criminals using spyware and other schemes count on split-second decisions by smartphone users, he said.

"The challenge for security is, to have someone make a good decision, you need to force cognition," he said. "You need to actually make them think. This is the opposite of usability."

Some corporate IT departments are turning to outside consultants for help with securing mobile devices, Hoog said. Many company CIOs are saying they have "a million other things to worry about," he said. "It's too much for an IT department to take on and become an expert in, but it's too important to ignore."

Some mobile security vendors have tools that can make mobile devices much more secure than they are out of the box, he said. Hoog described mobile security as a race between security vendors and cybercriminals. "If we get to them first, we win the race," he said.

Grant Gross covers technology and telecom policy in the US government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Tags Allen FriedmanComputing Technology Industry AssociationviaForensicsAndrew HoogregulationBrookings InstitutiongovernmentiPadBrian Contosmcafeeconsumer electronicssecuritysmartphonesmobile security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?