
3/10/2006
05:34 PM

The War On Malware Goes Mobile

Remember the good old days, when your only concern about issuing and managing cell phones and PDAs was that someone would leave theirs in a taxi or on an airplane? Now viruses and mobile malware have reared their ugly heads, further convincing IT departments that BlackBerrys, cell phones, laptops, and PDAs must be locked down with as much vigor as back-end systems. The result is a slew of mobile data security options that include mobile encryption and even a kill switch for data should it fall into the wrong hands.

The latest version of Credant Technologies' Mobile Guardian Enterprise Edition, introduced earlier this week, includes a poison pill that administrators can set up to wipe data from mobile devices if they're stolen. It can be sent down as a policy over the network, or as a set of preset rules. Unfortunately, there's no truth to the rumor that holding a Mobile Guardian-enabled phone to your ear can likewise erase unpleasant memories of your daughter's new boyfriend or your spouse's recent shopping extravaganza.

Version 5.1 of Credant's software does let users encrypt data files sent to or from mobile devices via E-mail or IM. Companies can use the software to generate policies regarding the type of data that can be shared with, and stored on, mobile devices and whether that data is encrypted. Mobile Guardian Enterprise Edition then downloads a software agent, which Credant calls a "shield," onto the mobile device to enforce corporate mobile data security policies. The Credant 2GO feature in version 5.1 lets users encrypt specific files, such as a PowerPoint presentation, on a USB storage drive and then access that presentation from any PC into which that drive is later connected. And this latest version supports the Windows Mobile 5 and Symbian operating systems.

Credant is far from alone in its attention to mobile security. Mobile Armor LLC earlier this week introduced mobile data security software and services that work with BlackBerrys, cell phones, laptops, and PDAs to deliver and manage security policy, encrypt data, provide a mobile firewall, scan for viruses, and create secure VPN connectivity. Trust Digital likewise is set to introduce the latest version of its software for securing data that resides on mobile devices. Trust Digital 2006 includes data encryption and policy management capabilities.

People have been losing cell phones and other mobile devices for years, so why all the fuss now? For one thing, these devices are increasingly likely to contain valuable enterprise data as today's workforce is encouraged to work from anywhere they happen to be. For another, mobile viruses have become a growing menace to road warriors and the administrators responsible for securing those devices.

Anti-virus researcher and software provider Kaspersky Lab in late February reported the debut of RedBrowser.a, a Trojan targeting mobile devices. Kaspersky noted that RedBrowser.a is the first malicious program that infects not only smart phones, but any mobile phone or device capable of running Java 2 Micro Edition, or J2ME. RedBrowser.a pretends to be a wireless access protocol-enabled browser that offers free WAP browsing using free SMS messages to send the WAP page contents. RedBrowser.a can be downloaded to a victim's handset via the Internet (from a WAP site), Bluetooth, or a personal computer. The Trojan then installs code that sends out text messages to premium-rate phone numbers in Russia, with the users charged $5 to $6 for each message.

Before you cancel your cell service and dust off your rotary phone, it should be noted that Kaspersky Lab has only received one sample of RedBrowser.a, which targets subscribers of Beeline, MTS, and Megafon, Russia's major mobile service providers. The social engineering texts used in RedBrowser.a are in Russian, which limits the Trojan only to Russian-speaking countries. But companies shouldn't be fooled into thinking that mobile users outside of Russia are less susceptible to a similar ruse.

Another mobile virus called "Crossover"--this one held in captivity by the mobile device malware researchers at the Mobile Antivirus Researchers Association--surfaced in February as the first malware able to infect both a Windows desktop PC and a PDA running Windows Mobile for Pocket PC. Crossover can move from a Windows PC to a handheld device as soon as it detects a connection using Microsoft's ActiveSync synchronization software. When running on a portable operating system, it will erase all the files in the My Documents folder and copy itself to the startup folder.

Fortunately, Crossover is a proof-of-concept virus, meaning it wasn't released into the wild and therefore isn't a widespread threat. But the very thought that hackers are focusing their attention on mobile devices, and that vendors are bringing an increasing number of mobile security products to market, indicates it's only a matter of time before the war on malware spreads to a wireless theater of battle.
