Dark Reading is part of the Informa Tech Division of Informa PLC


3/10/2006
05:34 PM

The War On Malware Goes Mobile


Remember the good old days, when your only concern about issuing and managing cell phones and PDAs was that someone would leave theirs in a taxi or on an airplane? Now viruses and mobile malware have reared their ugly heads, further convincing IT departments that BlackBerrys, cell phones, laptops, and PDAs must be locked down with as much vigor as back-end systems. The result is a slew of mobile data security options that include mobile encryption and even a kill switch for data should it fall into the wrong hands.

The latest version of Credant Technologies' Mobile Guardian Enterprise Edition, introduced earlier this week, includes a poison pill that administrators can set up to wipe data from mobile devices if they're stolen. It can be sent down as a policy over the network, or as a set of preset rules. Unfortunately, there's no truth to the rumor that holding a Mobile Guardian-enabled phone to your ear can likewise erase unpleasant memories of your daughter's new boyfriend or your spouse's recent shopping extravaganza.

Version 5.1 of Credant's software does let users encrypt data files sent to or from mobile devices via E-mail or IM. Companies can use the software to generate policies regarding the type of data that can be shared with, and stored on, mobile devices and whether that data is encrypted. Mobile Guardian Enterprise Edition then downloads a software agent, which Credant calls a "shield," onto the mobile device to enforce corporate mobile data security policies. The Credant 2GO feature in version 5.1 lets users encrypt specific files, such as a PowerPoint presentation, on a USB storage drive and then access that presentation from any PC into which that drive is later connected. And this latest version supports the Windows Mobile 5 and Symbian operating systems.

Credant is far from alone in its attention to mobile security. Mobile Armor LLC earlier this week introduced mobile data security software and services that work with BlackBerrys, cell phones, laptops, and PDAs to deliver and manage security policy, encrypt data, provide a mobile firewall, scan for viruses, and create secure VPN connectivity. Trust Digital likewise is set to introduce the latest version of its software for securing data that resides on mobile devices. Trust Digital 2006 includes data encryption and policy management capabilities.

People have been losing cell phones and other mobile devices for years, so why all the fuss now? For one thing, these devices are increasingly likely to contain valuable enterprise data as today's workforce is encouraged to work from anywhere they happen to be. For another, mobile viruses have become a growing menace to road warriors and the administrators responsible for securing those devices.

Anti-virus researcher and software provider Kaspersky Lab in late February reported the debut of RedBrowser.a, a Trojan targeting mobile devices. Kaspersky noted that RedBrowser.a is the first malicious program that infects not only smart phones, but any mobile phone or device capable of running Java 2 Micro Edition, or J2ME. RedBrowser.a pretends to be a Wireless Application Protocol (WAP)-enabled browser that offers free WAP browsing using free SMS messages to send the WAP page contents. RedBrowser.a can be downloaded to a victim's handset via the Internet (from a WAP site), Bluetooth, or a personal computer. The Trojan then installs code that sends out text messages to premium-rate phone numbers in Russia, with the users charged $5 to $6 for each message.

Before you cancel your cell service and dust off your rotary phone, it should be noted that Kaspersky Lab has only received one sample of RedBrowser.a, which targets subscribers of Beeline, MTS, and Megafon, Russia's major mobile service providers. The social engineering texts used in RedBrowser.a are in Russian, which limits the Trojan only to Russian-speaking countries. But companies shouldn't be fooled into thinking that mobile users outside of Russia are less susceptible to a similar ruse.

Another mobile virus called "Crossover"--this one held in captivity by the mobile device malware researchers at the Mobile Antivirus Researchers Association--surfaced in February as the first malware able to infect both a Windows desktop PC and a PDA running Windows Mobile for Pocket PC. Crossover can move from a Windows PC to a handheld device as soon as it detects a connection using Microsoft's ActiveSync synchronization software. When running on a portable operating system, it will erase all the files in the My Documents folder and copy itself to the startup folder.

Fortunately, Crossover is a proof-of-concept virus, meaning it wasn't released into the wild and therefore isn't a widespread threat. But the very thought that hackers are focusing their attention on mobile devices, and that vendors are bringing an increasing number of mobile security products to market, indicates it's only a matter of time before the war on malware spreads to a wireless theater of battle.
