EVERY NEW TECHNOLOGY
attracts the dark side, as IP telephony did earlier this year when a VoIP executive and his hacker accomplice were arrested for fraud. And while computers largely have become immune to attacks thanks to firewalls and other security measures the occasional bug still seeps through the cracks. Next up on hackers radar screens: mobile devices. Dubbed mobile malware, these viruses threaten to bring down companies from the outside in in other words, from the PDA, the smartphone or the cell phone back to the corporate network.
Even though the problem has been around for at least two years, damage from mobile malware so far has been limited, reports security software developer F-Secure Corp. The company recently released research showing there are more than 185,000 viruses, and the numbers are growing. The biggest change over these 20 years has not been in the types of viruses or amount of malware; rather it has been in the motives of the virus writers, the report reads. For example, hackers more and more are targeting users pocketbooks. Some viruses portray themselves as ways to use WAP services for free, and end up sending premium-rate short messaging service (SMS) messages to countries overseas. One threat in particular was limited by its use of the Russian language, according to F-Secure. However, we anticipate seeing attacks of a similar nature in other languages in the future. In the meantime, the company refers to 2006 as the year the mobile malware exceeded the 200 mark. If you compare the figures against the PC world, this does not warrant a state of alarm but it certainly indicates a growing trend, F-Secure states in its report.
Click to Enlarge
So what is a business with thousands or millions of dollars at stake, and volumes of confidential information to do? For starters, enterprises are looking to their dealers to help them protect their networks at each layer. This means dealers need to sign on with companies such as Bluefire Security Technologies, F-Secure, Trend Micro Inc. and McAfee Inc., who have developed platforms specifically to protect mobile devices.
Bluefires premise is smartphones are just like notebooks and desktops, except theyre connected all the time, says CEO and co-founder Mark Komisky. To that end, he predicts viruses will soon probably within the next year start spreading rapidly across carrier networks. Hes not the only one forecasting sudden virus proliferation. Todd Thiemann, director of device security marketing for Trend Micro, says there are three factors contributing to the growing number of viruses: the booming smartphone population; ever-faster data speeds from mobile operators; and the increasing amount of people knowledgeable about the operating systems on which smartphones run.
McAfees Jan Volzke, product marketing manager for mobile security products, says another problem is most carriers arent adopting mobile security measures as quickly as they should be, even though they are aware of the impending trouble. Enterprises, on the other hand, recognize the need to protect their networks and are turning to channel partners for aid, Volzke says. We see a lot of models where enterprises are going to resellers and buying devices, he says.
This points to one of the confusing aspects of selling mobile security. Because the market is so nascent, many people are not yet sure of the distribution model. Its really uncertain how its going to shake out, says Thiemann. Large corporations, he says, will want to own their security solutions, so they will rely on their reseller partners. SOHOs and consumers, on the other hand, might just use what their mobile operators offer, Volzke agrees. In the mobile world, the carrier usually owns the consumer, he says. The consensus seems to be, then, that channel partners should work with carriers and vendors, covering all possible distribution bases.
There also is a notion in the mobile security industry that margins on the service rank fairly low, compared to other aspects of the telecom industry. This could explain why resellers might be reluctant to place such technology into their portfolios. Thiemann predicts those margins will rise, however, as demand for mobile security also increases. Bluefire, says Komisky, offers its resellers hefty discounts of up to 40 percent on its products.
On the whole, the idea with mobile security, says Komisky, is not just to protect against viruses, but also to keep attacks such as key logging and screen capture at bay. You cant expect just one type of attack, he says. Its not just about firewall and VPN and antivirus. You want to make sure you encrypt data. … Its the complete security package.
Indeed, managing mobile security is the No. 1 concern among IT administrators, says Thiemann. The industry is going to see increased focus not just on handset functionality, but also management of that handset functionality, he adds. Another thing is theres been some discussion of where the right places are to put protection for these devices whether to protect the network instead of the endpoint, both or just the endpoint. Trend Micro advocates a layered defense to prevent network intrusions. To that end, the company has designed software Mobile Security 2.0 that scans incoming messages and even stops SMS spam. Whenever a user writes information to the file system, we scan it against our pattern file of known viruses and if we see a match, we stop that action from occurring, Thiemann says. The platform supports most operating systems, he says.
McAfee takes a similar approach to mobile security. The companys VirusScan Mobile product tracks all incoming messages (e-mail, Bluetooth, SMS, photos), then scans them in real time for threats, says Volzke. The delay is less than 20 milliseconds, he adds. McAfee relied on its expertise in protecting computers when it developed its mobile security suite, Volzke says.
The bulk of proof-of-concept viruses so far have impacted Microsoft Corp.s Windows Mobile, and the Symbian (on Nokia products), Linux and even Palm OS and Java operating systems, Thiemann, Volzke and Komisky agree. BlackBerry devices so far have staved off viruses because they run on Research In Motions proprietary platform.
Calling In Reinforcements
Mobile Security Suite
Bluefire Security Technologies
Capabilities: Encryption, authentication, integrity management, intrusion detection, firewall, optional antivirus and more for mobile devices. The company also has developed a VPN so mobile users can securely link to their offices. www.bluefiresecurity.com
Capabilities: Scans and cleans files, e-mails, Internet downloads, text messages and attachments. Identifies and removes viruses, Trojans, worms, and other malicious applications without interrupting connections. www.mcafee.com
Mobile Security 2.0
Trend Micro Inc.
Capabilities: Anti-spam for SMS text messages, virus scanning and rapid virus pattern update. www.trendmicro.com
F-Secure Mobile Security
Capabilities: Integrated firewall, real-time interception and scanning, automatic memory card scanning and automatic updates. www.f-secure.com
|Bluefire Security Technologies www.bluefiresecurity.com
F-Secure Corp. www.f-secure.com
McAfee Inc. www.mcafee.com
Trend Micro Inc. www.trendmicro.com