This week, the European Network and Information Security Agency (ENISA), Europe’s Cyber security agency, released a report identifying what it sees as the top security risks and opportunities of smartphone use and gives security advice for businesses, consumers and governments.
The Agency considers spyware, poor data cleansing when recycling phones, accidental data leakage, and unauthorized premium-rate phonecalls and SMSs as the top risks.
According to Gartner, worldwide smartphone sales doubled last year with 80 million sold worldwide in Q3 2010 alone. A report released earlier this week by Check Point Software Technologies, showed mobile at a top concern as well, highlighting how IT security administrators anticipating a significant increase in the number of users connecting to their network in the next year primarily due to the spike in mobile devices such as iPads and smartphones.
“Given the growing importance of smartphones for EU businesses, governments and citizens, we consider it essential to assess their security and privacy implications,” says Prof. Dr.Udo Helmbrecht, Executive Director of ENISA.
In the ENISA report, key security opportunities and risks highlighted include:
– Accidental leakage of sensitive data -e.g. through GPS data attached to images.
– Data theft by malicious apps and from stolen, lost or decommissioned phones.
– “Diallerware” – malicious software which steals money through unauthorized phonecalls.
– Overload of network infrastructure by smartphone applications.
In terms of opportunities, the report notes that backup is often well integrated into smartphone platforms, making it easy to recover data if the phone is lost or stolen. Another opportunity lies in the use of app-stores: “Most smartphone users only install 3rd party software through controlled software distribution channels,” says Dr. Marnix Dekker, co-author of the report.
The most important result of the report is a comprehensive set of strategies for securing smartphones. “Smartphones are a goldmine of sensitive and personal information – it’s vital to understand how to maintain our control over this data. We’ve designed our recommendations to plug into a typical security policy,” says Dr. Giles Hogben, co-author of the report. The report has recommendations for businesses, top officials and consumers – and for dealing with the security risks of mixing these roles.
The Full Report is Available (Free, No Registration Required) at: http://enisa.europa.eu/smartphonesecurity/