Can mobile phones be used to tunnel into a corporate network? Right now handheld devices have such limited capabilities....
Your worst fear is an attack to the device itself, but as you migrate to more intelligent devices you have to start thinking about your employees, roaming around with little weapons connected to your network. You have to be concerned about whether an attack can take the device out and will it have the ability to take out large segments of your network. Portable devices are the bad guys' best friend.
The question is what happens if the communication world converges onto an IT backbone where the phone isn't connecting through a cellular gateway into the infrastructure, but is connecting right on the network as a full IP device.
Can mobile phones be used to tunnel into a corporate network?
I think that is a very valid point as corporations look to mobile devices as a way of mobilizing backend applications. The threat, particularly for the enterprise space, is that these tools may expose sensitive corporate data.
As mobile phones and other, similar devices gain additional computing capabilities -- sending e-mail and photos, and browsing the Internet -- do they pose an increased threat to network security?
Although malicious code hasn't caused widespread damage in the mobile area yet, there have been a number of incidents that have demonstrated the potential disrupts they could cause. There was a virus that spammed thousands of mobile phones within Spain by routing e-mails through an Internet cellular gateway. In Japan in 2000, cellular users received malicious code that caused hundreds of mobile phones to dial the police. As the next generation of mobile phones becomes more sophisticated and mobile platforms become more standardized, these kinds of devices will become more prone to attack. Can mobile phones be used to tunnel into a corporate network?
While the power is increasing, it still isn't there. Certainly malicious programs can use a phone to spread. And there are certainly Trojans that can be implanted on a phone, but I think the really interesting stuff is going to come when the .NET platform becomes pervasively used on handheld devices.