Security Market Segment LS


JUser: :_load: Unable to load user with ID: 3149
Friday, 18 February 2011 16:45

Beware the coming corporate smartphone threat warn experts


Rogue smartphone applications coupled with social engineering will be the undoing of corporate IT infrastructures, network security experts have warned.

As more and more enterprises succumb to the temptation of allowing employee devices to be used for work purposes - either because of cost or pressure from senior management - the threat to their IT systems security is rising.

Speaking at the RSA Conference 2011 in San Francisco this week, Ed Amoroso, security supremo at AT&T also advised IT managers to skill-up and use 2011 to prepare themselves and their networks to deal with future threats.

While fake free versions of popular games such as Monkey Jump and Angry Bird are appearing outside the iTunes App Store tempting people to download suspect code onto their phones, unchecked Android apps were also making their way onto mobile handsets which workers carry onto corporate networks.

Some like a wallpaper app detected on the phone of a Citibank employee collected much more user information, including contact database, Wi-Fi addresses and IMEI number, than was required for its operation, and sent it onto servers in China, according to John Hering, CEO of Lookout, a smartphone security company. Such information could give hackers means to impersonate a trusted device and penetrate a network.

'They are silly, they're whimsical, they cost 99c and they are fun. Guess what, your software has to be resilient. It has to work and we have to rethink the infrastructure for that portion of the mobility side,' said Ed Amoroso, security supremo at AT&T in the US.

Amoroso also warned app and operating system developers to speed up their vulnerability patching leadtimes to help curb threats. He said patching had to be reduced from seven months to seven days to counter the explosion in smartphone app popularity and increasing number of proof-of-concept malware.

'It's a big problem but we shouldn't have to do it in the first place. We shouldn't have to put duct tape on software. It's kind of a mess, right?  You (IT manager) have to do it yourself or the IT guy has to through the app store at their leisure,' he said, rulling out over-the-air patching by the carriers as 'the nuke option'.


Anti-virus with automatic updates was not the answer because it used too much bandwidth and battery power, he and other speakers said.

'Sooner or later as a group we'll have to come to some agreement on what we're going to do as patching becomes a bigger issue. It happened on the PC side.'

Martha Vazquez, research analyst information & communication, Frost & Sullivan, said the mobile threat landscape today is not exactly what vendors expected five years ago.

'The introduction of smartphones entering the corporate world has become challenging for IT admins. Today, the threat is not so much, how much money will (they) lose, but more about how can (they) manage all these different devices and protect the data that is on the phone. This appears to be the biggest threat to enterprises today,' Varquez said.

Mobile industry experts stopped short of predicting this year will be the year of mobile threats as they have been doing for the last decade, but warned there will be more repurposed applications and Trojan apps.

'Over the next two years, carriers will be rolling out 4G networks which are an IP infrastructure for mobility at speeds that are going to be pretty attractive for hacking,' Amoroso added.

Lia Timson is attending RSA Conference 2011 as a guest of Microsoft. She's on Twitter @liatimson.


Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.



Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News