Smartphones are ubiquitous in corporate life, providing Internet access to data and emails. But many mobile IT and security managers are unaware that these mobile devices are not just gadgets anymore: they are portable computing devices running operating systems and networking stacks.
As more businesses provide smartphones to employees, and as more people use smartphones for personal use, security threats are multiplying. A recent report from ABI Research predicts that more than 60 percent of handsets will have mobile browsers by 2015.
"The combination of 3G or 4G connectivity services and network-connected smartphones creates a preferred target for attackers to misuse the phones' software," says Ron Meyran, director of security products at Radware, a provider of integrated application delivery and network security solutions.
He notes that smartphones, left exposed to mobile Internet threats, can cause a corporate network to fall victim to one or more of the following attacks. Fortunately, there are ways to prevent them. Here are the top six threats and steps for safeguarding networks.
1. Mobile Security Threat: application vulnerability
Smartphones run popular OS and web-based applications, making them a target for application and OS vulnerability exploitations just like a laptop or desktop.
Solution: signature detection technology deployed by an anti-virus or intrusion prevention system (IPS). Key AV vendors now offer anti-virus software for smartphones.
2. Mobile Security Threat: malware spread
While IT departments strive to secure internal applications, data and most corporate devices, they often fail to secure the network from an individual smartphone, says Meyran.
Malware can infect a user's smartphone from the public mobile network, then spread to the corporate network, bypassing perimeter security measures.
Solution: behavioral analysis technology deployed by IPS.
3. Smartphone Security Threat: misuse of smartphone resources
Smartphones are an easy recruitment target into botnets. Botnet operators can install bot malware then remotely control the smartphone to send spam or launch network attacks such as network flooding, brute force, scanning or vulnerability hacking.
Solution: Signature detection and behavioral analysis technology by IPS.
4. Mobile Management Threat: economic slowdown
The 2009-10 recession has resulted in cuts to IT and security budgets as well as personnel. IT managers are required to do more with less -- resulting in their inability to make future investments against emerging threats. When equipment is refreshed, it is mainly just being prepared for past threats.
Solution: Effectively lobbying for budget increases.
5. Wireless Threat: social engineering attacks
These are techniques that attackers use to trick users into providing sensitive information -- such as SSNs, credit card numbers, user names, passwords, and more. Now that smartphones have also become payment devices, they are likely to become a preferred target for cybercrime.
Solution: education. The attacker relies on the user to make the wrong choice. Choose not to be a victim.
6. Smartphone Security Threat: battery drain
This type of attack sends packets to a mobile device to prevent it from going into sleep mode. The attack can involve as little as sending 40 bytes every 10 seconds, wasting resources and draining the smartphone battery.
Solution: Bell Labs' AWARE Detector, a packet inspection engine designed specifically for wireless network architecture and protocols. Alcatel-Lucent offers the product as the 9900 Wireless Network Guardian (WNG), which supports 2.5G, 3G, and 4G multi-vendor wireless data networks.
The Alcatel-Lucent 9900 WNG is unique in the industry in providing traffic monitoring, network performance monitoring, and behavioral analysis in a single integrated solution. The 9900 WNG determines how data traffic and behaviors impact the network at each of its many layers including the RF-layer, the signaling-layer, and the packet-data layer -- all from one point in the network.
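The battery-drain pattern described above (small packets arriving often enough that the handset never sleeps) can be looked for in flow records. The following is an added example, not code from the article, Radware or Alcatel-Lucent; the thresholds, the assumed 15-second sleep timeout, the record layout and the sample traffic are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds (not from the article): tune per network.
SLEEP_TIMEOUT_S = 15   # assumed idle time before the radio may sleep
MAX_PAYLOAD = 64       # ceiling for a "small" packet, in bytes
MIN_PACKETS = 6        # samples needed before judging periodicity
MAX_JITTER = 0.2       # allowed stddev/mean of inter-arrival gaps

def find_keep_awake_flows(packets):
    """packets: iterable of (ts_seconds, src, dst_device, size_bytes).
    Returns sorted (src, dst_device) flows that are small, regular and
    never leave the device idle long enough to sleep."""
    flows = defaultdict(list)
    for ts, src, dst, size in packets:
        flows[(src, dst)].append((ts, size))
    flagged = []
    for key, pkts in flows.items():
        pkts.sort()
        if len(pkts) < MIN_PACKETS:
            continue
        if any(size > MAX_PAYLOAD for _, size in pkts):
            continue  # bulk transfers are not this pattern
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        if max(gaps) >= SLEEP_TIMEOUT_S:
            continue  # the device had a chance to sleep
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
            flagged.append(key)
    return sorted(flagged)

# Constructed sample traffic (documentation address ranges).
SAMPLE = (
    # 40 bytes every 10 s to one handset, the figure quoted in the article
    [(t * 10.0, "198.51.100.7", "handset-A", 40) for t in range(12)]
    # ordinary bursty browsing: large packets, long idle periods
    + [(t, "203.0.113.20", "handset-B", s) for t, s in
       [(0, 1400), (0.2, 1400), (0.5, 600), (95, 1400), (95.3, 900), (300, 52)]]
    # sparse push notifications: small, but gaps exceed the sleep timeout
    + [(t * 120.0, "203.0.113.30", "handset-C", 48) for t in range(8)]
)

if __name__ == "__main__":
    for src, dst in find_keep_awake_flows(SAMPLE):
        print(f"possible battery-drain flow: {src} -> {dst}")
```

Legitimate keepalive traffic can match the same shape, so a hit is a lead for review rather than proof of an attack.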
Protecting the Network
The protection of corporate assets is greatly challenged by smartphones. Fighting mobile threats requires a multidimensional approach, advises Meyran.
"Companies need the right network security tools that provide a balance of signature detection technology and behavioral analysis technology," he says. "But even more important is education. One can patch vulnerable PCs, mitigate misbehaving users, and block emerging attacks -- but there will always be vulnerable users on the network, unless everybody has sufficient basic security education."
In the next year or so, Radware expects organizations will fight emerging mobile threats with a mix of standard signature, IP and website reputation feeds, and behavioral-based real-time signature technologies, based on adaptive expert systems.
To mitigate mobile device attacks from permeating the corporate environment, Radware recommends using signature detection technology coupled with network behavioral analysis (NBA) technologies.
"By pairing these two technologies, IT organizations can ward off malware and botnet attacks based on action and user profile," says Meyran. "These technologies combat threats without using millions of signatures to block every instance of malware that exists in the mobile network."
Signature detection technology has been around for nearly 20 years. It was designed to detect attacks that exploit known application vulnerabilities but not zero-minute malware and application misuse attacks.
"Therefore, adding a complementary behavioral analysis system allows IT departments to have greater control of their network domains," says Meyran.
Behavioral analysis technologies create a baseline of normal user, application transaction and network bandwidth behavior, he explains.
A behavioral engine can detect -- in real time -- cyber/mobile criminal activities that run attacks by misusing the application and network resources or by exploiting zero-minute application vulnerabilities. It then automatically creates a real-time signature that characterizes the attack pattern accurately to filter out malicious activity -- without blocking legitimate user traffic.
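The baseline-then-signature idea described above can be sketched in a few functions. This is an added example, not Radware's engine or code from the article; the flow tuple layout, the thresholds and the sample traffic (a handset suddenly sending many small flows to TCP port 25) are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

def learn_baseline(per_minute_counts):
    """Baseline = mean and stddev of a device's flows per minute."""
    return mean(per_minute_counts), pstdev(per_minute_counts)

def is_anomalous(count, baseline, k=3.0):
    """Flag a minute whose flow count exceeds mean + k * stddev."""
    mu, sigma = baseline
    return count > mu + k * max(sigma, 1.0)  # floor sigma: no zero-variance alarms

def derive_signature(window_flows, normal_flows, min_share=0.5, max_normal=0.05):
    """Return the (proto, dst_port, size) tuple that dominates the anomalous
    window but is rare in baseline traffic, or None if nothing stands out."""
    feature, hits = Counter(window_flows).most_common(1)[0]
    share_now = hits / len(window_flows)
    share_before = Counter(normal_flows)[feature] / max(len(normal_flows), 1)
    if share_now >= min_share and share_before < max_normal:
        return feature
    return None

def apply_filter(flows, signature):
    """Drop only flows matching the signature; other traffic passes."""
    return [f for f in flows if f != signature]

# Constructed data: flows per minute observed during a learning period.
COUNTS = [18, 22, 20, 19, 21]
# Constructed normal minute: web and DNS flows as (proto, dst_port, size).
NORMAL = [("tcp", 443, 1200)] * 12 + [("tcp", 80, 800)] * 5 + [("udp", 53, 70)] * 3
# Constructed anomalous minute: the same traffic plus 180 small SMTP flows.
WINDOW = NORMAL + [("tcp", 25, 60)] * 180

def analyse(window=WINDOW):
    """Return (signature, flows kept) for one observed minute."""
    if not is_anomalous(len(window), learn_baseline(COUNTS)):
        return None, list(window)
    sig = derive_signature(window, NORMAL)
    return sig, apply_filter(window, sig) if sig else list(window)

if __name__ == "__main__":
    sig, kept = analyse()
    print("signature:", sig, "| flows kept:", len(kept))
```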