The 'Evil 8' Threats to Mobile ComputingHow to Assess Current, Future Vulnerabilities of Mobile Devices
Hubbard, in an interview with Information Security Media Group, discusses some of the top threats facing mobile computing, risks the report labels the Evil 8. They include:
- Data loss from lost, stolen or decommissioned devices.
- Information-stealing mobile malware
- Data loss and data leakage through poorly written third-party applications.
- Vulnerabilities within devices, operating system, design and third-party applications.
- Unsecured WiFi, network access and rogue access points.
- Unsecured or rogue marketplaces.
- Insufficient management tools, capabilities and access to application programming interfaces.
- Near-field communications and proximity-based hacking.
Near-field communications establish radio links between mobile devices in close proximity, usually a few centimeters apart. Users can exchange information on their smartphones by "bumping" their devices. The same technology lets shoppers whose credit card information is stored on their smartphones to pay for purchases by holding their mobile devices near point-of-sale readers.
Though last in the list of the Evil 8, Hubbard says nearly two-thirds of survey respondents believe near-field communications will result in more proximity-based hacking in 2013 as thieves using skimmers or other technology capture credit card and other financial data stored on smartphones.
Attackers Go to Where Users Are
As for rogue marketplaces, many of which are based in Asia, many users of mobile devices employing Google's Android operating systems are susceptible to these illicit online sites that don't furnish the same level of application security as does Google's Play Store to download apps. Android users can go to virtually any marketplace to obtain apps for their devices. That's not a choice for iPhone and iPad users, who can only download apps from the Apple App Store. Small wonder Androids are more prone to digital assaults. "It's pretty simple economics from the attacker's standpoint; they're just going to go where information and the users are," Hubbard says
The Cloud Security Alliance is a not-for-profit industry organization that promotes secure cloud computing. Hubbard says the CSA sees a synergy between cloud and mobile computing, resulting in the Alliance conducting the mobile security survey of 210 of its members from 26 countries in July.
Hubbard's day job is chief technology officer for Internet security provider OpenDNS. He previously held the same post at Websense, the data and e-mail content security provider, where he founded the Websense Security Labs.