Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/22/2007
09:00 AM
50%
50%

Smart & Safe

Smartphones are a favorite new hacker target, and there's plenty you can do to lock 'em down

It was so nice while it lasted.

When the flood of trojans, worms, and viruses assaulting your desktop workstation finally gave you a massive case of the cyber heebie-jeebies, you could retreat to the small, safe confines of your smartphone. True, it was tough to browse all your favorite Web pages or edit that report for the board, but at least you didn't have to worry about malware. Yes, those were the days.

Today, smartphones are one of the most talked-about targets of malware authors. Granted, the malware we've seen so far has tended to be proof of concept stuff, but the concept has been proven and the aura of safety has been shattered. It's sad that we now have to be grateful that the anti-malware folks are paying attention and are launching products to protect the smartphones, but they have, and we are.

BitDefender just joined the fight with its Mobile Defender product released today. This follows the introduction of Kaspersky's Open Space Security announced at the recent RSA conference. (See Kaspersky Intros New Products at RSA.) You'll also find mobile device protection products from companies like McAfee, F-Secure, Symantec, and Trend Micro on the market, and more are certain to follow.

It's too much to hope that the availability of the anti-malware products ahead of any massive release of real malware will keep the smart phone space relatively safe, but at least we're not starting out too far behind the curve.

While you're thinking about all the product, too, you might give a thought to smart phone security best practices. You'll be happier having them in place before they're needed, than not.

Crooks have followed masses of people in every significant gold rush or migration in recorded history. With millions of people moving to smartphones, well, you know what's bound to happen. That peaceful, easy feeling, though — it sure was nice for a while.

— Curt Franklin is an enthusiastic security geek who used to be one of the Power Rangers (the red one, we think). His checkered past includes stints as a security consultant, an IT staffer at the University of Florida, security editor at Network Computing, chief podcaster for CMP Technology, and various editorial positions at places like InternetWeek, Byte, and Hog Monthly. Special to Dark Reading.

  • BitDefender
  • F-Secure Corp.
  • Kaspersky Lab
  • McAfee Inc. (NYSE: MFE)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Inside the Ransomware Campaigns Targeting Exchange Servers
    Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
    Commentary
    Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-21392
    PUBLISHED: 2021-04-12
    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addre...
    CVE-2021-21393
    PUBLISHED: 2021-04-12
    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
    CVE-2021-29429
    PUBLISHED: 2021-04-12
    In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded in...
    CVE-2021-21394
    PUBLISHED: 2021-04-12
    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
    CVE-2021-22497
    PUBLISHED: 2021-04-12
    Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.