ending it


Is your business laptop safe when you access a hotspot? Are you protected when you use your Palm Treo device in the field? Often the answer is “no.”

As mobile data devices proliferate in the form of Wi-Fi-enabled tablet PCs and laptops, cell phones with Web access, PDAs and even MP3 players, they have become a new front in the Internet security war. Despite the rise of viruses, worms, malware and hacked access to corporate data, most endpoints don’t come with the typical protection capabilities found on PCs, such as virus scanners and firewalls.


For less than $200, the Eli fully managed security appliance allows consumers, remote workers and SOHO users to protect mobile devices from threats including spam, viruses, phishing, hacker attacks and spyware.

“From a security perspective, we have just begun the battle against wireless viruses and attacks,” says Mark Komisky, CEO and co-founder of Bluefire Security Technologies, which offers security for PDAs and smart phones. “As the operating systems become mainstream and dominant, it will be easier for attackers to know the vulnerabilities of a couple of operating systems, which will allow them to attack or write a virus that can attack tens of millions of devices at once. In short, we will be faced with the same problems we face with notebooks and desktops, only the number of devices will be significantly larger, and they will be constantly connected.”

Perhaps because of wireless’ heritage in voice, users have been lulled into a false sense of security, thinking that using a cell phone to access e-mail via 3G is as safe as talking on a POTS line at home. In reality, endpoints are increasingly combination devices with Wi-Fi, 3G and Bluetooth connections, capable of networking and connecting to corporate networks from virtually anywhere in the world, always attached to a public network with millions of unknown users. With the widespread introduction of wireless cellular data connections at network speeds and prices that make them attractive for the first time to business users, the danger has snowballed. By 2006, two-thirds of U.S. employees will be mobile in nature, often working while on the road or from the home, according to research firm IDC.

Infected smart phones, Wi-Fi endpoints and other data-enabled devices can spread a virus across the network through the terminal connection. Plus, the hacking community recognizes that the end device is the new key to gaining access to the enterprise network, says Skip Taylor, vice president of product marketing at Fiberlink Communications Corp., which makes software to set and enforce security policies for wireless LANs. A particular area of vulnerability is public hotspot Wi-Fi, where usability is the byword. “From the providers’ perspective, tight security only makes it more difficult for users/buyers of their access to get connected,” says Taylor. “The providers need billing information, typically captured by a ‘walled garden’ Web page, prior to allowing connectivity to occur. Because the [hot]spots are public, the local network within the hotspot is prone to data capture through tools, available off the Internet today, on a hacker’s PC.” Further, if the device itself has shared drive or VPN access with auto sign-in, the hacker potentially could gain access to corporate networks, proprietary information or intellectual property.

Many businesses assume that an SSL VPN for remote users and corporate network security are all that is needed to thwart threats. In reality, a multilayered defense is the linchpin for preventing security breaches.

“The only way to provide universal protection for mobile devices is by embedding protecting capabilities within the wireless network itself,” says Simon Gawne, CEO and founder of StreamShield Networks, which identifies and blocks threats and inappropriate content before it reaches the user.

“The problem in providing network-based protection has been around how to provide a service that can protect millions of subscribers without impacting performance. If you delay a Web page or file download for 10 seconds while you scan it for viruses and inappropriate content then the service becomes unusable,” says Gawne. “The most recent evolution is very high-performance network-based scanning products that can monitor and intercept network traffic that contains malware or inappropriate content — and do this at very high speeds ensuring a negligible delay to the user.”

Some companies make all-in-one solutions, such as Electronic Lifestyle Integration Inc., which has launched an appliance, Eli, that updates Wi-Fi and DSL/cable-connected devices 30 times per day. A PCMCIA version for cellular devices is in prototype now.

Other precautions include only allowing signed trusted applications to be downloaded and run, and processes like SIMLock (securely tying the SIM card and the handset to a specific operator) and IMEI (giving an ID to every handset to reduce fraud and theft). Each endpoint, remote or otherwise, should be seen as a vulnerable node on the network and should use security software including firewalls, antivirus, authentication and file encryption software. Security also could include the use of external monitoring software to ensure the firewall and antivirus products are doing their jobs, and remediation of vulnerabilities before the user touches the LAN.

With solutions available, enterprise awareness of the threat is the biggest obstacle. That is changing slowly. “The wireless terminal security space has moved from R&D to execution,” says Jay Srage, marketing manager for cellular systems at Texas Instruments Inc., which has developed an advanced architecture that uses an interleaved software/hardware mechanism to provide a secure environment for running protected and trusted applications on mobile devices. “There will be more widespread deployment of secure handsets as content downloading becomes more prevalent. Standards bodies and alliances such as CMLA, OMTP and Global Platforms will be providing the guidelines for such architectures and requirements.”

— Tara Seals


Mobile Malware: A Rundown of Wireless Baddies

Brador is a backdoor program that creates a copy of itself in the start file and informs the hacker the minute the device is online. The hacker then can connect to the PDA through the TCP door and covertly control the device.
Cabir is the first virus to replicate through an active Bluetooth connection, attacking phones with a Symbian operating system.
CommWarrior creates unwanted billing, using Bluetooth during the day and sending infected MMS messages at night from the user’s address book.
Duts attacks Pocket PCs, targeting .exe files and spreading each time infected programs are exchanged.
Fontal is a .sis file trojan that installs a corrupted font file into an infected device, thus causing the device to fail at the next reboot. The device becomes stuck on phone startup and cannot be used.
Lasco targets cell phones with Symbian operating systems and active Bluetooth connections. The worm searches for other active Bluetooth devices so it can replicate and look for .sis files to infect.
Locknut is a trojan (also known as Gavino) aimed at phones with a Symbian 7.0 operating system. The trojan file blocks the phone and prevents any application from opening. Later versions cause the operating system to crash. It lures the user to install itself by pretending to be a patch for Series 60 phones.
MGDropper is disguised as a cracked copy of the popular cellular phone game Metal Gear Solid. Once downloaded, it installs versions of Skulls and Cabir and tries to undermine the security products installed on the phone.
Mosquitos, a game infected by a trojan virus, sends messages to expensive toll numbers, causing considerable economic loss to its unwitting victims.
Skulls targets Symbian-based smart phones by hiding behind files named Extended Theme Manager or Timer Room. The trojan blocks the functioning of smart phone applications, allowing the user only to make or receive phone calls. All other functions are blocked and the screen displays skulls instead of the usual icons.
Source: F-Secure Corp., which protects against Internet and mobile network threats with antivirus, network encryption, desktop firewall with intrusion prevention, antispam and parental control products.

 

Links
Bluefire Security Technologies www.bluefiresecurity.com
Electronic Lifestyle Integration Inc. www.trusteli.com
F-Secure Corp. www.f-secure.com
Fiberlink Communications Corp. www.fiberlink.com
IDC www.idcresearch.com
StreamShield Networks www.streamshield.com
Texas Instruments Inc. www.ti.com

 
