Another related problem is foreign intelligence services approaching businessmen at trade fairs and exhibitions...
with the offer of "gifts." The gifts -- cameras and memory sticks, etc. -- have been found to contain electronic Trojan bugs, which provide remote access to users' computers. Like the checkout card reader attack mentioned above, you can't easily tell the device has been tampered with.
Products that have been infected prior to purchase have the potential to quickly destroy customer confidence in the product and the vendor. Any company building or commissioning IT equipment needs to ensure those devices are fundamentally secure from the moment they are created all the way through to delivery and installation. They need to be handled securely to prevent tampering or need to be switched to ensure the integrity of their products. I know some companies that only allow their employees to use BlackBerrys because they are made entirely in Mexico or Canada and many feel they have tighter control of their supply chain than the iPhone, which contains components manufactured all around the world including China, which is currently at the top of the list when it comes to cyberespionage.
Depending on the nature of your mobile workers' requirements, you may want to consider using devices developed for the National Security Agency's Secure Mobile Environment Portable Electronic Device (SME PED) program, such as the Sectéra Edge. Such devices are certified to protect wireless voice communications classified "top secret" as well as email and websites classified "secret."
Unless you are using a specialist device or software I would never assume that voice calls are secure, so like fax and email, never discuss confidential or sensitive issues on a mobile phone. For each mobile device which purchase, I would suggest that you run a test to see if it tries to make unusual connections via any of the network protocols it can use and review the traffic to ensure data is not being unintentionally sent from the phone. Thankfully, the actual number of software-based attacks on smartphones and PDAs is relatively low, and the few vulnerabilities discovered on smartphone operating systems tend to be fixed quickly. This is probably due to the intense completion among vendors in the enterprise market, where device security and avoiding being victimized by smartphone malware is becoming a key issue.
Dig Deeper on Mobile security threats and prevention
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.