Few security breaches have been traced to wireless devices or smart phones, but industry experts say the proliferation of these devices is still causing concern.
“”I have not heard of a lot of attacks on mobile devices,”” said Michelle Warren, a market analyst with Toronto-based Evans Research
Corp. “”It’s more ‘What if? When it is it going to happen? What will it hit? How will it affect business?’ I haven’t heard of any actual attacks.””
McAfee officials said IT departments should be concerned about mobile device security, but agreed there have been few attacks.
“”The industry thought we would have more of a problem with these things than we actually have,”” said Vincent Gullotto, vice-president of McAfee’s Anti-virus and Vulnerability Emergency Response Team.
“”That’s somewhat good news.””
He added past breaches have included “”porn dialler”” software, which is surreptitiously loaded onto cell phones and is programmed to dial 900 numbers, racking up bills.
Gullotto said some malicious code is designed to spread to wireless devices through Bluetooth connections, but most viruses and malware loaded on to mobile devices do not spread as quickly as if they were downloaded on to PCs connected to a corporate network.
Other security software vendors offered similar sentiment.
Another view
Matt Ekram, product manager for mobile security at Symantec Corp., said devices have a “”limited impact”” on corporate security, and any malware for these devices would be a “”proof of concept.”” Ekram recommends network managers set up VPN in order to help protect against attacks.
IT departments can protect their networks by setting up perimeter firewalls, but Gullotto said security gets more complicated when the network boundaries become blurred.
“”In the good old days, everybody had PCs and a LAN and we all went to the Internet through our firewall gateway,”” Gollotto said. “”If we look at it now — what about my home users or my portable laptop users? Are they inside or outside? And that kind of gets worse with more and more of these portable devices.””
He added network managers have no choice but to leave some ports open so that users can access external resources, such as the Internet. Therefore, the only defence is to monitor the network for unusual activity.
“”We now have to be very careful about how we monitor those channels that we have open, and what can we do to validate that the traffic that is coming through is genuine and somebody isn’t piggybacking across the channel to do something bad.””
