While consumers, and indeed the online security industry, have typically not paid much mind to warnings of nasties being sent to or through a Bluetooh device, experts are warning that this needs to change. Case in point: the newly discovered Doombot.A, which carries with it CommWarrior.B, which sends itself out using a Symbian smartphone’s Bluetooth transmitter.
Of course, in addition to the fact that the Doombot.A virus and its stowaway CommWarrior.B worm are just plain rude, they can also cost their host money, as many people must pay for messages sent from their phones on a per-message basis.
Explains Doug Conorich, Global Solutions Manager for Managed Security Services at IBM, “The biggest threat that I see right now is that is that Blackberries and PDAs are connected to names and addresses. If somebody devised a virus sent out with a ‘payload pull’ and an ‘address book out’ it could send out messages to all those listed in the address book. At 10 cents a message or more on some of the plans, you can see that that cost to smartphone end-users could add up rather quickly.”
Experts point out that responsibility for the security of a mobile device lies in part with the software publisher. “The software vendors that produce mobile phone operating systems definitely have the responsibility of issuing patches to their products. But this is a totally separate issue from determining who is responsible for protecting smartphone users from a financial standpoint,” points out McAfee Mobile Solutions Senior Vice President Victor Kouznetsov.
Beyond that, however, is what measures should IT departments take as the workforce is increasingly mobile-enabled? Kouznetsov says that IT departments need to demand that their carriers provide anti-virus and security measures for mobile devices, and recommends that an IT department “would be well advised to contact the operator they are using and standardizing on, and then demand that the operator include the technology and provide it on their handsets, or ask whether the operator will be including it in the future.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Experts also agree that it is incumbent upon IT departments to establish standard policies and procedures for allowing an employee to connect a mobile device to the enterprise network, or even that the enterprise should standardize and provide the mobile devices to ensure that they conform to standards set by the enterprise.
Drew Carter, a Senior Product Manager, also with McAfee Mobile Solutions, points out that “Mobile devices are often purchased by individuals who also want to access enterprise resources. But does this really make sense? Today the technology is somewhat immature, but as it reaches a higher level of penetration, companies will need to adopt a more sophisticated approach. The other option is for enterprises to provide the mobile devices and set the standards, so if mobile workers want to connect to the network, then they need to buy these devices.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
I wonder if it might be a good idea to draw up some kind of Internet anti-spam protocol for e-mail transfer connections, make it optional if necessary. It would be best if it were like a service that an e-mail client could be set to link up to before attempting to connect to a mail server.
I mean, we’re sending the data over the Internet anyway, why not use the Internet to, say, filter known spam into its own bundle marked “spam”?
I admit there are some flaky parts of this solution, and a lot of work for everyone. Also, it would only be as good as the service’s filtering.
Maybe it would just be better to get some better people, like real algorithm people, to improve anti-spam software, and include it as part of an e-mail client’s e-mail processing. If that could happen, I think it would make sense to make it open-source.
Sincerely,
Steve