Recently, Advanced Network Solutions (ANS) hosted an event on the risks of Mobile Malware. The discussion focused specifically on the fact that the rise of mobile computing devices (smart phones, tablets) has created a new way for hackers to infiltrate computer networks. The conclusions of the event stressed that the mobile environment, which is dependent on applications developers, is exploding and users are unaware of the risks they take with teir data when using third party applications on their mobile devices. Users have to be educated on safe computing with mobile devices to ensure security of their data and your network.
A popular application utilized by many iPad users at ANS is a business application named Dropbox. Dropbox (www.dropbox.com) is a free cloud service that lets you utilize or sync files among all computing sources so that you do not have to email files to yourself. For instance, if you have a picture on your computer that you want to share using your iPad or smartphone, you can do so by syncing the file with your free Dropbox account in the cloud. When you are ready to access the picture you can use your Dropbox account to view and even edit the file. This is an invaluable cloud service to users who utilize a home computer, a tablet, a smartphone and a work laptop to conduct business, which is becoming a common scenario for ANS users and our clients.
This week many news outlets are alerting users that Dropbox has admitted via its blog that for several hours on Sunday (June 19, 2011), an update to its code caused a security glitch that allowed people to log into any Dropbox account by typing in any password at all. This should be a huge concern for any Dropbox users who are utilizing the service and are uploading sensitive business documents or password information. It is also a big disappointment for those who have become reliant on mobile applications to run their business. Dropbox was one of the trusted application developers, one of the “good guys” in a sea of unknown third parties.
Although the threat risk to Dropbox users was small (less than 1 percent) it serves as a good reminder to exercise the following guidelines when utilizing a mobile computing device:
1. Always utilize the application provided by the cloud service to log into an account. For instance if you want to access Facebook – use the provided application from your device versus going to www.facebook.com from your mobile device.
2. Do not log into a site that you visit through a link in an email.
3. Know that none of the visual indicators you are used to seeing when attacked on a computer are present on mobile devices. Many times the user is unaware that they have malware on their phone that can caching sensitive data and/or can be uploaded to a secured network via a wireless network that trusts the device.
4. Do not conduct commerce on mobile devices if you are installing applications from unknown developers.
Mobile malware is on the rise and reputable application developers are still making egregious errors creating lax security with their applications. With that said -we are all too reliant on our mobile devices to stop using them and the business changing applications they bring. ANS can consult with you on your security needs so that you can protect your network and your users from this rising security risk. Please contact ANS for more information on how we can help you with protection against Mobile Malware Security Risks.
