Know your smartphone

So many people are buying smartphones, I thought it might be wise to throw in a cautionary note about just how powerful these devices are. The smartphone of today is more powerful than the laptop of a few years ago. Along with the widespread adoption of these devices come the increasing of their risk profile. That is to say that the more popular something is, the better a target it becomes for those who have less than good intentions. Currently there haven't been any really nasty attacks seen in the wild yet. The devices are definitely prime targets, and you can be sure that the bad guys are working hard at trying to figure out how to leverage this technology in order to get at your information. This article discusses some potential nastiness on the Android platform. Security vulnerabilities have been well advertised on the iPhone which have, or should have, prevented their widespread adoption for corporate use. Currently the Blackberry remains the most "secure" platform for business use by employing active encryption of the contents at the expense of the "cool" factor that Android and iPhone show off. the iPhone 3GS offered encryption but the operating system kernel automatically decrypted the contents of the phone when you extract the data for analysis. Effectively, this means the iPhone is NOT compliant with the standard corporate policy requiring encryption at the device level; but don't take my word for it. To be fair, I don't believe Android even makes the veiled attempt that Apple makes and makes their sdk freely available to the world. Device-level encryption for both of these platforms needs to be off-loaded to a third party to adequately secure your data.

So, beyond your data NOT being secure, take a minute and think about how inter-woven this device is into your life. How much data, personal and professional, is on there. If I had complete access to your phone what could I learn about you, your family, or your work. I don't know you, but I bet it's a lot ;-). This week, Google removed two applications from all Android-based phones to protect their users. There is some debate on whether this is Google's business or not but that's not an interesting argument to me. I will follow this up with a video that demonstrates application installation on the Android platform and how we should be aware of what we install and the access that application should or should not need to the different functionalities on your phone. As a good rule of thumb try to remember that no one is as interested in protecting your data as you are. That means that if you're not interested, then no one is going to do that for you.

No comments:

Post a Comment