Hacking

Report: Mobile Malware Will Clobber Enterprise Security in 2011

iPads, iPhones and Android smartphones will be among the major targets for cybercriminals in the coming year, McAfee has warned.

That’s because the consumerization of technology is leaving enterprise IT unprepared for the onslaught of personal devices in the corporate environment.

Expect cybercriminals to set up botnets of Apple devices and to introduce Trojans for Apple devices, McAfee Labs warned.

Geolocation features in social media websites, which are also available on smartphones, will further compound exposure to cybercriminals, McAfee Labs said.

Mobility Is a Double-Edged Sword

Mobile devices, in particular the iPad and iPhone, are catching on in the enterprise because they offer speed of access and cut costs. Salesforce.com has equipped its executives with iPads, as have Mercedes-Benz distributorships in the United States.

Medical students at the University of Central Florida and Stanford University are being issued the devices. JPMorgan Chase has already equipped executives with iPhones and is adding iPads to the list. California investment firm SafeView Advisory Group is getting iPads for staffers in some of its offices to use when calling on clients.

“The consumerization of technology is a slippery slope,” Dave Marcus, director of security research for McAfee Labs, told TechNewsWorld. “How many people got Android smartphones or iPhones over Christmas? They’re going to expect to be able to use these devices at work come January.”

That’s when the trouble will begin.

Few users understand or follow security procedures, and this will make it easier for cybercriminals to set up botnets — networks of computers used to distribute malware or launch cyberattacks on targets, run by a central command and control center. Cybercriminals will steal user and corporate data through unsecured mobile devices in the enterprise, Marcus said.

Enterprise workers who bring in their own mobile devices should know them well, Marcus said. “Spend some time with your device and realize what that functionality means to your data,” he suggested.

Take iPad or iPhone owners who send tweets from their devices, for example. “When a popup appears asking if you want to add your location to that data, understand what goes on when you click OK,” Marcus pointed out. “And understand someone can go to Bing or Google and graph out your Tweets and your location.”

Apple did not respond to a request for comment by press time.

It’s Not Just iInsecurity

Another area of vulnerability for iDevices is the free apps smartphone users tend to download.

Some free apps for the iPhone and iPad reportedly transmit users’ personal information to advertising networks without their consent.

A lawsuit has been filed against Apple over this issue.

The suit, “Lalo v. Apple, 10-5878,” has been filed in the U.S. District Court of the Northern District of California in San Jose.

However, Apple isn’t the only culprit.

“I think this is a vastly bigger problem than just Apple,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.

“Providing geolocation and other personal information is Google’s business model, and I’m surprised they weren’t highlighted as the bigger problem,” Enderle added. “There’s a massive effort to capture as much information on us as possible and to provide that to third parties who will pay for it.”

Such personal information isn’t adequately protected, and Enderle predicted that the illicit gathering of personal information “will undoubtedly be one of the biggest issues of this year, if not of this decade.”

Going Social

Social media websites that offer geolocation services, such as Facebook, Gowalla and Foursquare, will further expose the whereabouts and preferences of users and what operating systems and applications they use, McAfee Labs warned.

This will make people more vulnerable to targeted attacks, which are aimed specifically at select users such as corporate executives.

Such targeted attacks have a higher rate of success than random attacks and are being increasingly used by cybercriminals.

Working on the Security Problem

Given that businesses are rushing to consumerize IT to save money, what can they do to bolster their security?

One possible solution is to develop a list of accepted apps. Push out that profile to users and allow them to only download those apps, McAfee Labs’ Marcus said.

“The mobile users will be behind the enterprise firewall,” Marcus pointed out. “I think business has the right to decide what kind of access to allow and then monitor the applications and enforce its policy.”

However, Marcus acknowledged that this could lead to a backlash from angry users and will be difficult to enforce because the devices will be owned by the workers, not the corporation.

“There must be some agreement between the business and the user,” Marcus stated. “But ultimately, there’s no easy answer.”

1 Comment

  • Basically Apple worshipers will be drowning in their own, smug, stupidity. And at the same time, Apple took advantage of these people by feeding them lies about how apple software was just better, and it "just works" and won’t get viruses etc etc. They’ve been warned, over and over, that Apple was no better at fending off malware, cyber attacks, trojans etc than anyone else. But they wouldn’t listen. The only reason they were safe is a term known as "security though obscurity". Malware writers don’t waste time on obscure lesser known platforms, but write for the biggest target. So Apple was ignored as a target, but their popularity has in part grown due to this…

    And as it has grown in popularity, one of the very reasons people bought apple disappears and short circuits itself as the devices become more and more at risk. It makes sense. On desktops, windows was the main operating system and the main target. But on mobile, due mostly to uninformed, apple worshiping, teen-bots, apple has the most platforms and is becoming a big target. The other main reasons for buying apple products was typically social status AM ong teens and fashion. Hey, you’re 19, and 3 of your friends have iphones and you don’t. Not cool. So you need one of those shiny things to show you too are cool. Older adults know better and don’t mind using what works, but teens and young 20something are trapped into a fad for the most part…

    So we now have a population with tons of basically, poorly protected mobile devices. The hackers will start with the most common one first, Apple, and then proceed through the list of Android phones. Apple will likely try to fend them off for a while, only to end up failing in a miserable, long list of security patches and updates over the next few years. What also is sickening is the smugness Apple users have with a high snob factor. Notice how they hand out ipads to Mercedes employees. Notice Mercedes is a typical car that you’d expect a snob to own. Also notice they are issued to medical students. Again, the snob factor continues. Next is lawyers, lol. I’m right! There is nothing worse than seeing a misinformed, 20 year old med student, thinking he’s all that, and opening his stupid iphone or ipad thinking Apple is the epitome of human aspirations, yet he’s so ignorant he has no idea of how much he has to grow up.

    In the future, the devices will probably mostly be ok for those who do the patches, and will get the treatment you’d pretty much expect for windows devices etc, except that Apple is behind Microsoft in security experience. Actually this is why Apple has recently hired security experts from Microsoft to help them. Yep, it’s true, look it up. It is..

    However, mostly the Apple users who are in continual denial will think their apple device is still best against malware, but fact is it won’t be. Instead it will be most targeted because ipad and iphone are the most produced mobile devices. HEY! Maybe Microsoft can take a cue from Apple and learn how to use the same marketing to claim they are secure (when their phone is just obscure, lol). They could hire a Justin Long-like guy for their commercials who will claim that Microsoft has the lowest incidence of malware on their mobile phones since all the malware writers will simply target the more popular iphones. Brilliant!

    But seriously, over the next few years, hopefully there will be some that will learn a long and hard lesson that Apple had just taken advantage by fooling them into thinking they were so much more secure when they are not. OR, maybe we’ll all get lucky and the malware writers will just quit their hobby (yeah right). As history continues to repeat itself, we will just end up with all these competing venders of mobile devices, with fanboys fighting on all sides about which is best… Blah! What a headache!

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Hacking

Technewsworld Channels