Another related problem is foreign intelligence services approaching businessmen at trade fairs and exhibitions with the offer of "gifts." The gifts -- cameras and memory sticks, etc. -- have been found to contain electronic Trojan bugs, which provide remote access to users' computers. Like the checkout card reader attack mentioned above, you can't easily tell the device has been tampered with.
Products that have been infected prior to purchase have the potential to quickly destroy customer confidence in the product and the vendor. Any company building or commissioning IT equipment needs to ensure those devices are fundamentally secure from the moment they are created all the way through to delivery and installation. They need to be handled securely to prevent tampering or need to be switched to ensure the integrity of their products. I know some companies that only allow their employees to use BlackBerrys because they are made entirely in Mexico or Canada and many feel they have tighter control of their supply chain than the iPhone, which contains components manufactured all around the world including China, which is currently at the top of the list when it comes to cyberespionage.
Depending on the nature of your mobile workers' requirements, you may want to consider using devices developed for the National Security Agency's Secure Mobile Environment Portable Electronic Device (SME PED) program, such as the Sectéra Edge. Such devices are certified to protect wireless voice communications classified "top secret" as well as email and websites classified "secret."
Unless you are using a specialist device or software I would never assume that voice calls are secure, so like fax and email, never discuss confidential or sensitive issues on a mobile phone. For each mobile device which purchase, I would suggest that you run a test to see if it tries to make unusual connections via any of the network protocols it can use and review the traffic to ensure data is not being unintentionally sent from the phone. Thankfully, the actual number of software-based attacks on smartphones and PDAs is relatively low, and the few vulnerabilities discovered on smartphone operating systems tend to be fixed quickly. This is probably due to the intense completion among vendors in the enterprise market, where device security and avoiding being victimized by smartphone malware is becoming a key issue.
Dig Deeper on Mobile security threats and prevention
Related Q&A from Michael Cobb
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and ... Continue Reading
See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.