Protecting information on mobile devices

Threats are growing more ominous with 'bring you own device'

Lock picture

Protecting mobile devices and the data they hold in a 'bring your own device' world is a challenge.

Anti-malware and encryption technologies for PCs are still very much a work in progress for mobile devices, which also face attacks that do not exist for the standard business PC.

The most serious threat during 2013 may come from malicious and high risk Android apps. Online security specialist Trend Micro has predicted there will be 1 million such attacks in 2013, up from 350,000 in 2012.

Mobile malware threat

One major threat is the risk from mobile malware. This has increased dramatically in the past two years with tens of thousands of threats, according to David Emm, senior security researcher, Kaspersky Lab.

"Right now the most widespread threats are SMS trojans, advertising modules and exploits designed to gain root access to the smartphone. However, at the start of 2012 we also saw the emergence of the first mobile botnet, a clear indication that cybercriminals are paying more attention to mobile devices," he says.

"Then there is the risk of data loss from lost or stolen devices that contain sensitive business information or from conducting confidential transactions on insecure networks, for example public Wi-Fi hotspots."

Add to this the dangers of toll fraud, such as when malware is used to intercept premium rate SMS billing messages and payments, and phishing emails. The latter can be more effective on mobile devices as people respond more quickly and perhaps more thoughtlessly, while on the move.

Geolocation technology on mobile devices also poses a threat, as it can identify the user's movements.

Eric Maiwald Research Vice President at Gartner, says: "There are some cases where the mere fact that an individual has visited another location, taken a trip and talked to another company for example, might be exceedingly sensitive information. In that case geolocation is important.

"Countering it is very difficult, partially because the users often give up their location on purpose. You have seen it on Facebook where people are tagged at a location.

"If that is something the user wants to do, it is very difficult for the enterprise to counter it. At this point I don't know if technology is going to solve that problem."