Is your smartphone safe?
Hackers are a curious breed. Literally—the man behind the latest Twitter worm said he just "wanted to experiment." (Source: New York Times) But these annoying experiments can quickly become malicious.
And they can do some real damage via smartphones. Those tiny devices know their users pretty well. They travel everywhere together, while tracking locations. Users access e-mails, view bank statements, and buy train tickets through smartphones. They use their devices to update social networks and research where to go over the weekend.
Hungry for the mobile Internet
The use of the mobile Internet for browsing and downloading applications doubled between April 2009 and April 2010, according to Morgan Stanley. Social networks—primary targets for attacks—accounted for 40% of this traffic.
A matter of trust
Users are putting a lot of trust into their mobile devices, and by extension, the network that transmits their data. If something bad happens to their device, users will call you (their service provider) first.
And hackers have plenty of incentive to make something bad happen. They can make some serious cash off of the wealth of information users give their smartphones.
Here's how hackers go about exploiting smartphones:
The 5 Ps of Mobile Security
- Probe: the hacker finds the smartphone.
- Penetrate: they access the smartphone.
- Persist: they figure out what to do with all the wonderful information they just gained access to.
- Propagate: they infect others through their smartphones.
- Paralyze: they paralyze the smartphone, steal the information and run away.
The problem: a lack of visibility
To prevent this invasion from happening, we can treat mobile security just like we treat computer security: download a security application onto the device. But if we do just that, it's still easy for hackers to accomplish their first three steps via your network.
Plus, we'll likely see more mobile attacks as mobile Internet use increases. We saw the same trend with computers: as broadband use spread, so did security attacks.
Applications can be another blindspot. App stores, such as Apple's and Android's, have changed the way people consume information on smartphones. Apple approves every application in its store, but app updates come directly from the developer without the same approval process. In addition, there's no such governance with Android apps. It's a free market. You don't have visibility into the security of these apps.
The solution: know what's in your own pipes
To fully protect users, every element of your network should be security aware. It should be a fundamental part of your infrastructure planning.
Security is important for consumer smartphone users, who access social networks regularly and are increasingly using mobile banking and e-commerce. But it becomes crucial as users begin to increasingly access cloud services for business use.
You need to protect both types of users' data when it goes beyond your network and into the cloud. For example, many smartphone applications are accessing data from a cloud that's beyond your control. To fully protect users, you need to know if any malicious content is coming back from the cloud. How? Build comprehensive, centralized security into your network.
Not just a band-aid
It's difficult to add security on to an existing network. Data is growing so rapidly that one centralized piece of equipment is not going to scale well. Again, every element of your network should be security aware.
How do you achieve performance and security together? Enable content inspection in your network.
You'll have a better understanding of what information is coming back from the cloud, and the ability to protect your users from malicious attacks. Plus, you'll gain the intelligence to offer users more personalized services, with their permission.
With content inspection, you get to know your users' just as well as their smartphone does—but you'll be much better equipped to protect your users' data.
