Page 8 - index
P. 8
And, of course, your mobile device can be used to spy on you. Using a variety of attacks against
native applications such as the camera, GPS, and microphone, an attack can remotely listen in
on important conversations, identify the people having them, and where the conversation is
happening. We‘ve seen malware already taking advantage of this, such as Korean-based
ShrewdCKSpy. There‘s even commercial-grade surveillanceware that legally allows you to do
these things so long as you let the user know you‘re monitoring them.
The concerns are legitimate and while many of this seems big and scary, it‘s worth tempering
them to say: we‘re working on it. The industry is working on it and believe it or not, the outlook is
anything but bleak. Awesome technology is being built to detect mobile malware before it ever
hits the phone. Businesses are changing their IT culture to understand the new perimeter and
the need to protect data.
Through partnerships and industry influence, we‘ll be able to one day ensure that security is
baked directly into devices and device software development lifecycles so our phones are
secure out of the box.
It‘s time to move beyond the BYOD-centric conversation, accept that smartphones can be
productivity blessing and don‘t have to be a security curse. It‘s just going to take shifting our
mindset to think security first.
About the Author
Marc Rogers, Principal Security Researcher at Lookout
Marc has worked in the security industry for almost twenty years, including a
decade managing security in the UK operator Vodafone plc, and five years as
CSO for a real estate and asset management conglomerate in South Korea.
Marc sees himself as a security evangelist, who has a positive outlook on how security should be
implemented in todays global organizations. It's this outlook that Marc used when he helped put
together the award winning BBC series "The Real Hustle". Marc is also the Head of Security at
DEF CON, the worlds largest Hacker conference.
Cyber Warnings E-Magazine – CTIA Special Edition, September 2014
8
Copyright © Cyber Defense Magazine, All rights reserved worldwide
