Beyond BYOD: Why mobile is the new perimeter
The mobile device creates a whole new threat landscape for individuals and businesses alike.
Heard that before? It's a sentence that has been uttered by companies like ours for years. But it
isn't until you break it down into its individual parts that you start to understand just why we're all
waving our arms in the air.
That little device that lives in your pocket is a phone, yes. It's also a camera. Scratch that, it's a
video camera (remember when there was a difference?). It's a tape recorder, a map, an Internet
hot spot, a Bluetooth device -- and we haven't even gone into non-bundled apps yet.
That's a lot of opportunities – or attack vectors – for people with questionable motives to take
advantage of and do some really nasty things. Of course, the Bring Your Own Device culture
shift has created a new line item on the IT checklist of "things to watch," but the bigger issue at
hand is convincing the world that perimeter security as it exists is simply not going to cut it.
Mobile devices have created a new perimeter.
Smartphones and tablets need to be protected as carefully as traditional PCs. They sit on the
edge of your personal life and your business. And unlike PCs of old, it is much more likely that
these devices will literally leave the building, subjecting your data to physical loss or theft.
And there are already a number of ways these devices are being used for black hat means.
For example, smartphones and tablets are connecting to very critical systems and have even
become our main mode of communication. Few homes have landlines anymore and many small
businesses are relying on their employees' mobile devices for work purposes. Take out a
network of smartphones and you cripple a family, a business, potentially a nation's ability to
communicate.
Sophisticated mobile botnets already exist, such as NotCompatible, a piece of malware Lookout
found that gives fraudsters a for-hire gateway to an infected phone's networks. From there,
NotCompatible allows the bad guys to easily bypass anti-fraud measures. It is not a large leap
of logic to imagine authors of NotCompatible offering access to specific infected devices in
specific enterprise organizations or government agencies.
The mobile device can also be used as an extortion mechanism. Take, for example,
ScarePakage, a piece of mobile ransomware that targets phones in the United States. It locks a
victim's phone, convinces them they're being investigated by the FBI for child pornography, and
demands money to avoid criminal charges and to regain access to the device. Mobile
ransomware has gotten very smart about taking a victim's photo or stealing their IMEI to
convince them the malware authors truly know who they are.
Cyber Warnings E-Magazine – CTIA Special Edition, September 2014
Copyright © Cyber Defense Magazine, All rights reserved worldwide