Double-edged sword of smartphones

Some of the very devices that have transformed the business arena are also proving to be a serious security threat, writes Ciara…

Some of the very devices that have transformed the business arena are also proving to be a serious security threat, writes Ciara O'Brien

SMARTPHONES MAY be indispensable to business users, but the devices are also viewed as an increasing security threat, new research has found.

A survey carried out by US-based network security and compliance auditing firm NCircle found that iPhones are considered the greatest security risk to enterprise, ahead of rivals Blackberry, Nokia and Android devices.

The smartphones, which typically handle e-mail, internet access and some basic productivity functions such as document creation or spreadsheets, have become increasingly popular with consumers and business users.

READ MORE

The NCircle survey, which questioned 257 security professionals between February 4th and March 12th, placed Apple’s device at the top of the list, with 57 per cent of those who took part naming it as the biggest threat.

This is despite the fact that Apple currently does not feature in the top five mobile makers in the world by shipment.

Top of the list is Nokia, with a 36.4 per cent share of the global market in 2009, according to market research firm Gartner. Only 13 per cent of those surveyed felt the company’s smartphones posed a risk. This compares to only 39 per cent who viewed Google’s Android devices as the greatest risk and 28 per cent for BlackBerry.

However, Gartner noted Apple was stealing market share from the top mobile phone companies. It comes in third in the smartphones stakes, behind market leader Symbian, with a 46.9 per cent share, and Research in Motion, which has a 19.9 per cent share for its Blackberry devices.

Apple has a 14.4 per cent share for its iPhone operating system in 2009, ahead of rivals Windows mobile, with 8.7 per cent and Android at 3.9 per cent.

Apple and Android were the two star performers of the year, with Apple gaining 6.2 per cent, putting it ahead of Microsoft, and Android increasing its market share by 3.5 percentage points.

“The general consensus is that Apple continues to do only the absolute minimum to address enterprise security and supportability requirements,” says Andrew Storms, director of security operations for NCircle.

“We haven’t seen any new enterprise iPhone security features from Apple since the summer of 2009 when they introduced their new hardware level encryption, which was almost immediately subverted. This is not the kind of behaviour security professionals want to see in vendors.”

There has been some evidence of worms aimed at attacking iPhones that have been jailbroken to allow third-party software to run on the device.

Chief executive Matt Norton says this could pose a headache for firms in the future, Sentry Wireless. He notes that while many users are not getting the full potential out of their smartphones, the real problem is coming down the line. “It’s more about future potential rather than a problem many of them are facing today.”

At the heart of it is the lack of security locks people employ on smart devices. While there is mobile anti-virus software available, this does not guard against unauthorised people gaining access to confidential data on the device, or simply transferring company files to the device to remove from the office.

“The most obvious one is that the phone isn’t locked. If they lose the phone, then someone who finds it has access to confidential e-mail and text messages,” Norton says.

“There are also phishing attacks, where people send a message to someone where they fake the ID of the sender and as a result dupe someone into calling them back with confidential information. We haven’t seen it take place in a corporate environment yet but there’s no reason why we wouldn’t.”

A new danger for European users could be on the way as malicious users take advantage of the increasing number of networks that offer unlimited text messages in return for minimum consumer spends every month.

“We haven’t spoken yet to an operator who doesn’t expect SMS spam to be a real issue within the next 18-24 months within Europe,” Norton adds.

ay limit opportunities for businesses both in terms of advertising and creating new business.

Norton said This may limit opportunities for businesses both in terms of advertising and creating new business.

Norton says banks are keen to use SMS to promote their business and sell new services, given they have a very high response rate in other markets.

“The issue for them is because they are so responsive, it means it is also a security risk. If someone receives a text message like that, there’s a real danger they could respond to it without it actually being the bank and, during the course of bad engagement, hand over all of their personal details.”

He says mobile advertising, currently in an “embryonic” stage, would also be damaged by spam.

However, it wasn’t all bad news for smartphones. The NCircle survey also reveals that 58 per cent of respondents have a corporate smartphone security policy in place, although fewer than two-thirds of them actually enforce it.

“The good news from this survey is that a greater number of companies are starting to understand the security ramifications of mobile devices,” Storms says.

“It is encouraging that a majority of companies have a smartphone security policy and enforce it.”