Ignoring Mobile Security Doesn’t Make It Go Away

Recently I attended Gartner’s Security and Risk Management Summit outside Washington, D.C. Early in the week, I had a discussion with a security professional who asked me, skeptically, if mobile threats were actually something he had to worry about. He explained that mobile malware and mobile breaches were small blips on the security threat horizon. I realized he must have skimmed the new Verizon Data Breach Report and mistakenly concluded that he should take ‘mobile security’ off his to-do list.

On the contrary, and as my friend learned as the week went on, the problem is not mobile malware but that mobile devices and apps are rife with vulnerabilities.

Mobile security continues to be a top priority for CISOs. At the Gartner Summit, there were a number of mobile sessions and a lot of bar conversations ranging from how management of devices only takes CISOs so far, to securing mobile applications and whether or not to trust the mobile operating system. One-on-one conversations with analysts shed light on companies that are struggling to work security into the mobile app development process, especially since, as Gartner analyst Ramon Krikken put it, “developers should write secure code, not security code.”

The increase in mobile security conversations shows that teams are still trying to figure out their strategy and how to address this new landscape of vulnerabilities. Companies I met with are finding that legacy solutions like EMM don’t address their security needs, thus they need something more to solve these new mobile challenges.

And the need is becoming more immediate. In the past weeks following the Gartner conference, researchers from a variety of organizations uncovered vulnerabilities in mobile apps and operating systems:

• A flaw in SwiftKey keyboard software on Samsung Galaxy smartphones left 600 million devices vulnerable to data theft, installation of malware and eavesdropping on calls

• A zero-day in the latest Apple OS allows approved apps downloaded through the Apple App Store to access other apps’ sensitive data

• A flaw introduced by poor programming practices used by mobile developers has exposed thousands of mobile apps to potential data breach

In fact, if my friend had taken a closer read of the Verizon report, he would have realized that Verizon made it clear that security practitioners should not ignore mobile because the landscape is changing, as demonstrated by these new mobile defects. Having visibility into the mobile environment to detect these vulnerabilities is critical, followed closely by having the control to take action on them. Given this advice, I can see why enterprises are struggling. Legacy solutions that employ blacklisting or whitelisting of mobile apps seem completely inadequate in a world where tens of thousands of apps may have a single critical vulnerability.

As we head into the second half of 2015, it will be interesting to see how mobile security evolves and which companies make it a priority. Smart companies will move beyond device and app inventory management and look for mobile insurance policies. And those that take mobile security off their to-do list… well, I guess we will know who by the headlines.
