Report: Mobile Devices More Secure

Monday, May 13, 2013 @ 03:05 PM gHale


As industries become more mobile, devices, when properly managed and protected, can be a highly secure platform, new research said. But that is the catch: Properly managed and protected.

“Users who live, work and play with multiple devices are demanding that banks, governments, retailers and other organizations embrace mobility,” said security provider Entrust’s President and Chief Executive Bill Conner. “Particularly in the enterprise, employees, managers and staff are adamant that mobile devices are essential work resources and urge their companies to realize the full potential of mobile computing.”

RELATED STORIES
Beta Patches for IP Camera Bugs
Viber Android Security Bypass
Mobile Malware Hikes 163%
Android Trojan Spreads through Botnet

A Forrester report, “Mobile Authentication: Is This My App? Is This My User?” found more than half of users (52 percent) now rely on three or more devices. It also found 60 percent of the devices see use for personal and business use.

To gain an even better understanding of how mobile perception is changing for IT decision-makers in the enterprise, Entrust signed Forrester Consulting to publish a new report, “Mobility Helps Enterprises Enter a New Age.”

Despite the growing reliance on mobility, IT decision-makers still believe traditional PCs are more secure than mobile devices. Of those who responded, some 71 percent either somewhat or strongly agreed that desktops/laptops are secure, as opposed to 43 percent that said mobile devices are secure.

“While mobile devices are technologically more secure than traditional PCs, decision-makers view mobile devices as insecure because of media reports and the small size and personal nature of the devices,” the January 2013 study said.

SMS-based malware Zitmo, and its variants, demonstrate how SMS redirection can exploit Android-based mobile devices for illegal financial gain. Another example, known as premium-rate fraud, leverages SMS-based malware to actively make money for the attacker by having the target Android device automatically text a SMS pay service, the study said.
Because of end-user comfort and trust in text messages, SMS-based malware can cause damage. Organizations should only deploy mobile security solutions that do not rely on SMS-based security controls, including SMS OTPs, for sensitive or high-risk transactions, the study said.

Desktop malware, performing malicious app-to-app process migration, native keyboard key-logging and Zeus-style memory-hooking, is not in mobile malware samples, the study said. Plus, specific mobile vulnerabilities usually have a short lifespan.

As for Android, malware usually only targets specific hardware, firmware and OS versions, which greatly reduces the viability and lucrativeness of large-scale infections.

Researchers base it on a multilayered approach that’s core to development of mobile operating systems. Applications installed on mobile devices end up digitally signed or thoroughly vetted. Legitimate applications also end up sandboxed, meaning they can’t share or gain access to each other’s information — an important trait that helps defend against advanced mobile malware.

Effective mobile security solutions could be the beginning to change the perception in the enterprise. According to the Forrester study, enterprises are investing more in mobile, and are making mobile security a high or critical priority this year.

This is an important shift as the true power of mobility has still not come to fruition. The use of mobile capabilities that actually increase security or streamline business — mobile commerce (10 percent), partner/supplier applications (12 percent) and customer-specific applications (14 percent) — is lower amongst responders. Once mobile devices have proper security and management, more enterprises will embrace mobility as a standard business component.

The study found 60 percent of firms, in 2012, said creating a comprehensive mobile and tablet strategy for their employees was at least a moderate priority. In addition, 54 percent of enterprise IT decision-makers are increasing their mobile investment this year. Responders said improved flexibility over traditional authentication (68 percent) and the ability to adapt to threats (64 percent) as primary reasons behind their new mobile policies.

In contrast, the study found 50 percent of enterprises have implemented, but are not expanding, very basic access to email and calendars from mobile devices. Of those same responders, access to network systems (42 percent) and supporting collaboration (36 percent) marked other accepted use cases.



Leave a Reply

You must be logged in to post a comment.