
Experts spot mobile malware warning signs

A mobile malware crisis may not be imminent, but it may only be a matter of time. Experts explain which warning signs to look out for.

WASHINGTON, D.C. -- Reports of new viruses and other malicious code targeting smart phones and other personal digital assistants are almost commonplace, but an attack that causes business interruption and costs more than AV protection will not occur before the end of 2006.

Analysts at this week's Gartner IT Security Summit in Washington, D.C., said three factors need to converge before mobile malware becomes more than a "niche nuisance."

  • Penetration of smart phones and PDAs with always-on wireless must exceed 30% of consumers and organizations. Right now Gartner projects that figure to reach 10% by the end of this year.

  • Mobile platforms' operating systems and application languages must consolidate to no more than three choices splitting 90% of the market, with one platform getting nearly half of market share.

  • Mobile device users must be accustomed to commonly sending and receiving locally executable software.

"When all these factors come together, an attack could be more realistic," Gartner Vice President John Pescatore told a crowd of attendees. "In 2007 we'll begin to see incidents that cause damage."

Without these three factors, analysts say mobile malware can have only an isolated impact; they recommend that organizations avoid purchasing expensive point solutions until these factors come together. Instead, organizations should use AV on PDAs used for critical business processes and require PDA security vendors to include boot-up protection and personal firewall capabilities along with AV support.

Begin by analyzing existing security policies to discover holes affecting mobile devices, and ask wireless service providers to document existing and planned capabilities for blocking mobile malware in the network. If they don't offer in-the-cloud mobile malware protection by the end of 2006, negotiate with desktop host-based security providers for a low-cost extension for mobile devices.

But that's just one of the five most over-hyped threats, according to the Gartner Group. Analyst Lawrence Orans said IP telephony is another area where you should "forge ahead if it makes good business sense for your enterprise."

IP telephony/VoIP
Though IP telephony can be the victim of denial-of-service attacks or of an unpatched operating system vulnerability, the preventive measures are similar to best practices in both converged and data-only environments. Orans said the most over-hyped threat is eavesdropping, which is unlikely because it requires LAN-based access and can be "easily highlighted by monitoring LAN traffic for anomalous behavior." Orans recommends that security managers apply the same guidelines for encrypting voice traffic as they do for data.

Internet failure
Another hype point is that a "Warhol" worm will bring the Internet to its knees. Gartner analysts say "the Internet will meet performance and security requirements for all business-to-consumer traffic, 70% of business-to-business traffic and more than half of corporate WAN traffic through 2007."

A great deal of hype also surrounds the idea that regulatory compliance equals security. Not true, said Pescatore, who believes that regulations very rarely focus on the real issues at the heart of security problems and simply lead to over-reporting.

"Investing in compliance over security controls is security bulimia," Pescatore said. "We're vomiting out results but we're weaker when we're done." He suggests focusing on regulatory pressure to improve security processes rather than buying security products.

Gartner said that through the end of 2007, 80% of compliance spending will result in no measurable increase in security.

Lastly, there's the threat of the Evil Twin to wireless hot spots. Evil Twins are unauthorized access points that pose as legitimate hotspots and overpower the real ones; users who connect to them leave themselves open to attack. The analysts said uneducated consumers are the most likely victims here, but enterprises can equip and educate their road warriors with the tools and knowledge to mitigate these threats.

Security measures organizations should incorporate for mobile workers include:

  • Requiring users to seek out 802.1x protected access points;

  • Requiring use of the corporate VPN connection;

  • Deploying endpoint software that monitors for "evil twins," such as products by AirDefense, AirMagnet and T-Mobile Connection Manager;

  • Following best practices for mobile endpoints; using personal firewalls; and

  • Turning off file/print sharing.
