If securing our enterprise wasn’t already a full-time job, smart phones are becoming a popular platform for hackers to penetrate larger company systems. In Bill Brenner’s article, “Smart Phone Attacks: Here and Now,” he writes that after years of anticipating smart phone threats we’ve finally come to a point where we can no longer ignore them.
Smart phone threats have been looming for years. But with more people now using their BlackBerry’s and iPhones like their home computers and laptops to surf the Internet, trade files and potentially open infected email attachments, their phones can fall prey to viruses and malware that steal sensitive information such as credit card and Social Security numbers. Brenner writes:
“With all this happening, the bad guys now have reason to shift their attention and create new flavors of mobile malware. With so many of these devices hooked to company networks for access to e-mail and other programs, attacks on the phones can now be used to penetrate larger company systems. In other words, it’s time for IT security practitioners to start paying attention and making plans.”
Google’s head of Android security, Rich Cannings, agrees. He said phone attacks are not a thing of the future. They are upon us. And as smart phones grow in popularity, so will the number of attacks. “The smartphone OS will become a major security target. Personally, I think this will become an epiphany to malware authors.”
And one doesn’t have to look far to see how quickly this can be done. An article published today reported how a security analyst was able to successfully exploit Apple’s Safari browser on a MacBook Pro on the first day of a Pwn20wn contest, which awarded the winner the hardware they successfully attacked. It appears that these hacks involved a payload first being deposited before executing. Application whitelisting would have stopped them from running in the first place.
Compounding the problem is the fact that the growing number of applications on smart phones leave the same security holes wide open. With more mobile devices now being used to access corporate networks, security professionals need to consider how they can protect their systems from growing mobile threats.