Page 2 of 3
Wingert said his customers are becoming increasingly concerned with security threats from mobile devices.
"The mobile security issue is not new, it's just growing. We have seen limited movement to even encrypt the data passed through on laptops and mobile storage, so the threat we have now has expanded and made it easier to provide points of attack," he said. "Many threats are now being tailored to mobile devices due to their lack of the levels of security normally in place. Simple theft of an unlocked device could be enough to access corporate personal information that could be used for a variety of different things."
The threats are particularly pervasive on the Android platform, which Google has intentionally left open with limited, if any, regulation, experts say. While Android's openness has fostered creativity for developers, it also leaves a gaping security hole for malware authors wanting to spread malicious code rapidly on the popular platform to a large number of users.
"The reason it's becoming an actual threat is the explosion of Android and its popularity versus all the other platforms," said Armstrong. "The Android model is very open. The Android market is kind of the 'Wild West.' There's no code review and the other thing is, you can get apps from other places."
Google recently has been held to task for its lack of scrutiny for developers on Android applications, and has lately promised to harden the platform. The search giant is in the process of rolling out a server-side patch for a ClientLogin authentication vulnerability occurring in the way the operating system handles its authentication process. The glitch, which affects 97 percent of Android devices, could allow hackers to launch impersonation attacks on users via Google Calendar, Contacts and a myriad other Web services.
F-Secure's Hypponen said a big shift to Android and other mobile-based attacks would likely not happen until Windows XP platform declines in popularity.
But Google's recent security measures might be a day late and a dollar short in preventing crops of complex data-stealing malware from springing up on Android, experts say. The operating system has already experienced a 400 percent spike in mobile malware since the summer of 2010, according to a Juniper Network Global Threat Center report, "Malicious Mobile Threats Report 2010/2011." Among other things, the latest versions of the mobile malware contain sophisticated root privilege exploits that possess the ability to collect and send any data stored on a user's mobile smart phone to a remote server.
"Google gives these apps away for free with a lot of sourcecode," said Robert McMillen, president of Portland, Ore.-based All Tech 1, a security solution provider. "The specialized pieces of malware are pushed out to people's phones. Apple is criticized for having a locked down system, but it does help keep these threats from happening."
Next: Partners Find Opportunities To Secure Mobile Environments