Dealing With Enterprise Mobile Security

From mobile malware to device management, enterprises need to have a plan for securing the smartphones connecting to their networks

Analysts were skeptical of the idea of anti-malware on smartphones, partly because the amount of malware in the wild targeting the devices is relatively tiny. For example, F-Secure Chief Research Officer Mikko Hypponen told eWEEK the company has identified about 520 mobile malware families – a drop in the bucket compared to the 50,000 PC malware threats Panda Security said it analyses and blocks daily.

Still, “[mobile malware is] a growing concern, as the general awareness for mobile threats is very low,” said Sean-Paul Correll, threat researcher at Panda Security.

“Premium rate SMS numbers are the most reoccurring monetisation technique in the mobile malware threat landscape,” Correll said. “The malware silently sends text messages to SMS short code services, which usually charge around $5 [USD] per text message. Historically we have seen more threats affecting the Symbian and Windows Mobile platforms, but we’re seeing the mobile threat landscape starting to move over to the Android platform because of its open market.”

Growing smartphone risks

Researchers identified what they called the first SMS Android Trojan earlier this year. In the case, users had to download a fake video player. When it was discovered, Google pointed out that before installing the application, users are presented with a screen showing what system resources and data the application has permission to access. Still, users who downloaded the application faced the prospect of their phone being used to ring up charges by sending texts to premium numbers.

Aside from malware, users also face threats from phishers.

“If you receive a phishing email and you read it on your computer, you are pretty well protected,” Hypponen said. “The security product on your computer will likely detect the email as phishing and delete it. Even if it doesn’t, when you click on a phishing link, the security product will detect and block the URL as a known phishing site. Even if that fails, most web browsers block access to known phishing sites.”

“The problem is that none of those safeguards exist on your smartphone,” he continued. “Yet, we read a larger and larger portion of our emails on our phones, not computers. And in addition, when you click on a link on your phone, the URL of the site is often not showed or it’s truncated as the screen is smaller, making phishing URL tricks easier.”