Each of these new Smart Devices have capabilities to connect to the Internet, communicate via protocols, such as Bluetooth, Wi-Fi (802.11x), and in some cases Ir. These devices have on-board, very capable CPU processing power, and host the potential to store information in Solid State Memory up to 32GB – simply amazing.
And no doubt, the future of these devices will see them jump to the front of the corporate usage line, with increased usage to drive the business mission forward – hmmm, all very positive stuff.
But there is always a downside, and here we are talking about Security. First of all, there are hundreds, if not thousands of applications in the pipeline for the Android, and for anyone who has ever installed one such application, they will have notice they, on occasions, demand many services which could be exploited for some distant miscreant purpose. However, in most cases I have observed the users simply feel so encouraged by the newly offered functionality to be enabled in their hand, they do tend to agree to everything, and go on to install.
Smart Cell Phones are also subject to potential attacks by specialty crafted URL’s, and of course, given they are Internet savvy, are open to Malware, Phishing, and any other level of crafted exploit aimed at the palm of the hand.
So where do we go from here – well when using, or for that, allowing employees to leverage their own personal Smart Cell Phones to conduct your Corporate Business, it may be a good idea to consider your on-campus Corporate Security Policies, and extend it out to such out-of- band assets.
To conclude, I recall one event where a large Corporate was refreshing 10,000 cell phones. The instruction was, go to the Canteen and hand in your old device. By return, the user received his/her band new and shiny all singing, and all dancing smarter Cell Phone. However, during the process, it was noticed that the S word had not been considered (Security) - Guess what, over 80% of the recycled Cell Phones destined to leave the hands of Corporate Control contained Company Business, and Sensitive Data, Contact Lists, and even is two cases, the user’s Personal Banking Details, and Transactions – Small device admitted, but nevertheless, the potential impact from a breach is still considerable.
Expect to see the Smatter Cell Phone come into its own in the next 12 month, and by the same note, expect to see the interest of the hackers also increase to circumvent the aspect of security – these are after all, smart devices, operating on the very perimeter of the Operational Environment, and thus carry risk!
