The average consumer simply doesn’t care about security today, but they will in 5 years. You can’t go an entire week without reading a story about the Chinese Government or some hacker group trying to access an individual’s or corporation’s private data. As smartphones become more ubiquitous, users are going to favor the smartphone platform that affords them more protection against malware and potential theft of personal data.
Many of you have noticed this option but in case you haven’t, go to Options > Device > Location Settings and scroll down a little. There, you’ll see the Enable GPS option with a message that says: “Anonymously collects data to improve the speed and accuracy of future location services.” The intent is pretty clear: RIM is building a database of location data in order to improve their software. RIM is explicit that the data is anonymous and gives the user the ability to disable it. Again, if Apple and Google had been this open about their location data collection, it probably wouldn’t have turned into such a debacle.
Read more over at SmrtGuard’s Resource Center where they’ll have regular content in the mobile security space.
Tyler Shields, senior researcher at Veracode Research Lab, developed a proof-of-concept spyware package that demonstrates how simple it is to retrieve private data from a BlackBerry.
The above video demonstrates the spyware package, which he calls TXSBBspy, being used to take some very confidential information. In the demonstration, he uses some basic, publicly available functions to remotely dump all email and SMS messages, send the contents via e-mail, and conduct real-time monitoring of phone messages. He also remotely listens to a room using the BlackBerry’s mic, and follows a user without their knowledge by listening to their GPS updates.
This is a hot topic right now for BlackBerry as more users are downloading applications and accepting permissions without fully understanding what they’re allowing the app access to. Personally, I think RIM needs to give very specific instructions to the user about what they’re allowing an app to access. The permissions screen is far too vague.
The widespread consumerization and general adoption of smartphones in the workplace is adding another layer of IT complexity. It’s important to remember that carrying a smartphone is similar to having a computer in your pocket. Therefore, these devices face the same security threats as a PC. Along with network vulnerabilities that stem from malware-embedded websites and email attachments, applications are also at risk.
The increased popularity and availability of smartphone applications creates security implications for employees who increasingly download these apps onto their corporate phones. Today’s enterprise is ill-equipped to handle the expected wave of device issues resulting from rogue applications. A rogue application could cause a security threat by pulling sensitive data from the network.
The spyware intercepts emails and drains battery life remarkably fast. According to Chris Eng at Veracode, “the server receiving the initial registration packets (i.e. ‘Here I am, software is installed!’) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.”
We are living in an age where our smartphones are becoming our personal computers, and therefore the focus of those who want to exploit our personal data in any way they can. Dan Hoffman, CTO of SMobile Systems, said it best: “The truth about smartphones is that they are used in the same manner as personal computers and are susceptible to the same threats. It has become clear that smartphone users need to proactively ensure their devices contain the necessary security software to protect not only their e-mail and messaging data, but also to protect their identity and the integrity of their mobile financial transactions.”