Creating a company mobile phone policy to fight mobile phone malware

Attackers are increasingly targeting mobile platforms to siphon large sums of money. What are some best practices enterprises can implement to prevent corporate smartphones from being targeted?

While smartphone security is currently as underdeveloped as desktop computer security was in the 1980s, smartphones have the benefit of the last 20-30 years of advancements in the antimalware industry. Criminals are targeting new platforms where they think they can make money, and monetizing malware is one area where today's attackers are significantly further ahead than the virus authors of the 1980s. This, in turn, significantly increases the risk to smartphones, since criminals are more directly able to monetize their malware via this vector. However, attackers are still predominantly targeting Windows systems.

Mobile phone malware authors have developed malware for smartphones that makes calls to premium billing locations or sends text messages to premium services to make money, similar to dialer malware for PCs. The malware authors either create or have a stake in these premium services, which typically charge extravagant rates for texts or calls to them. However, this malware has not spread widely, in part because of the diversity of the operating systems in use on smartphones; this could change, though, as OSes like Symbian -- which currently has the largest share of the smartphone operating system market -- and others are growing.

There have been whole books written on smartphone security, but there are a few simple best practices enterprises can implement to prevent corporate smartphones from being exploited. These best practices start with a company mobile phone policy that involves user education: Users should be told not to install applications from unknown sources or "jailbreak" their smartphones. Smartphones have been protected by the fact that there is generally more oversight and control by default over how software is installed on them, since many smartphones use only vendor-approved applications like those downloaded from the Apple App Store or the Android Marketplace. It is more difficult for malware to be installed on smartphones, but as on desktops, users will willingly install malware when they think the other facets of the download -- like a Twilight Eclipse Preview, as demonstrated by security researcher Jon Oberheide -- are interesting enough. To prevent rogue malware from being installed, an antimalware application could be installed on the smartphone, as Mikko Hypponen mentioned in his Black Hat 2010 presentation.

Combating malware is only one part of smartphone security; enterprises should also ensure users have strong passwords and should enable remote management and wipe capabilities for all mobile devices to ensure they are adequately protected.

This was first published in September 2010