Smartphones are not only becoming more widely adopted by general consumers, businesses are tapping into the seemingly magical powers supplied by the iPhone, BlackBerry, Droid and others. And that can create security nightmares for IT guys out there.
Radware, a provider of integrated application delivery and network security solutions, has just unveiled its top three threats to businesses whose employees use the mobile Web. They range from simply annoying to potentially devastating:
- Battery Drain: Sends packets to a mobile device preventing it from going into sleep mode — could involve as little as sending 40 bytes every 10 seconds, wasting resources to drain the smartphone battery.
- Malware Spread: IT departments often invest in securing internal applications and users, but they don’t traditionally put emphasis on how to secure the network from individual users’ smartphones. Malware can infect a user’s smartphone from the public mobile network, and then spread to the corporate network, bypassing perimeter security measures.
- Misuse of Smartphone Resources: Smartphones are an easy recruitment target into botnets. Botnet operators can install bot malware and then remotely control the smartphone to send spam or launch network attacks such as network flooding, application flooding, brute force, network scanning, application vulnerability hacking and more. In this case, the botnet operator takes advantage of the smartphone’s security lag, when the device is connected to a high speed mobile Internet connection.
“A combination of security technologies must be deployed across the corporate network to mitigate application attacks caused when mobile devices are ‘opened up’ to threats from social networking sites, sending/receiving emails, or searching the Internet," said Avi Chesla, vice president, Security and Management Products, Radware. “By 2011-12, we expect organizations will implement a mix of standard signature, IP and website reputation feeds and behavioral-based real-time signature technologies, based on adaptive expert systems, to fight emerging mobile threats."
Radware recommends a solution of signature detection technology coupled with network behavioral analysis (NBA) technologies. By pairing these two, IT organizations can ward off malware and botnet attacks based on action and user profile without the need for millions of signatures to block every instance of malware that exists out in the mobile network.
