Phones Are Security Risk

While smart phones aren’t exactly a new entry in the wireless world, they are becoming faster, more powerful and far more common, several Arkansas telecom executives and IT professionals said.

In many ways, the devices – which allow for e-mail, Web browsing and downloaded applications – are replacing functions formerly handled on a desktop PC. For the time being, the viruses, malware and other security concerns that have plagued desktops aren’t as much of a concern for smart phones. But that could change as the powerful handheld devices continue their proliferation.

“Although I’m not having a large problem today with security on smart phones, it likely will happen eventually,” said Neal Fendley, director of technology for the Little Rock IT firm Edafio Technologies.

“Smart phones have enabled mobile access to e-mail, calendaring and scheduling. “That’s been the major business game changer in the last few years. Apps will be coming on in the future.”

And with apps comes the potential for security risks.

“Apps on the phone are where the malware would come from,” said Steve Hankins, CEO of the Fayetteville IT firm Accio.US.

“So how well the app store – whether it’s BlackBerry, [Google’s] Android or Apple – how well that’s controlled and reviewed is going to be the key point.

“Right now Android is totally open, so if there’s going to be a huge malware issue, I would suspect it would end up on an Android phone before it would end up on an iPhone or a BlackBerry.”

Ensuring that apps are safe is why Verizon Wireless, which sells several smart phone models that use the Android operating system, offers what amounts to a seal of approval for apps featured on its V Cast Apps store, which launched in March, said Jerry Fleenor, a data solutions engineer for Verizon.

 

Company Control

For businesses that issue cell phones to employees, control is the key to security. And the top product from a control standpoint is Research In Motion’s BlackBerry smart phones, said Joanna Miller, director of business sales at Verizon Wireless in Little Rock.

Because BlackBerry phones can be controlled through a central server, a business can dictate what goes onto the device.

“All those controls can be done on the server inside the company’s organization, and pushed out to the handset,” Miller said. “So if someone wanted to, for instance, download Facebook or download a website that may be against policy, they would not even be able to go that route or be able to download that application or software on the phone, if the company has restricted it on the server.”

Fendley echoed that assessment.

“RIM is first in, best-dressed,” he said. The company is the “most mature, most well-known and generally accepted by auditors out there in the IT world.”

Fendley said there are services available for other smart phone operating systems, such as iPhone and Windows Mobile that route e-mail and Web data through third-party servers, thereby increasing control and security.

However, Fendley said, “Security breaches on smart phones have not been a major issue for us. We follow some basic guidelines, such as pushing down some policies, especially in our BlackBerry environment, that turn off certain features that are prone to attack, like Bluetooth.”

Another security concern with smart phones is unrelated to malware and hacking. Good old-fashioned forgetfulness can compromise a company’s or an individual’s sensitive information, as the Apple programmer who left an iPhone 4 prototype at a California bar this spring could probably attest.

That’s why making sure a phone has remote wipe capability is critical, Miller said. Remote wipe – the ability to remotely delete everything in a phone – is a function inherent in BlackBerry products and a few others, she said.

Other smart phone operating systems offer remote wipe, but it usually has to be installed as an application.

Edafio Technologies advises its business clients to be cautious with employee smart phones, Fendley said.

“We recommend, in a business environment, to have centralized control over these features so you can administer them just like a desktop PC,” Fendley said. “A password to log in; encrypt the data to make sure it’s safe; poll [the device] every so often to make sure it’s still online.”

He said his company recommends that users install only business-related apps that have been approved by their IT departments.

 

Market Gain

As of the first quarter of this year, smart phones made up about 23 percent of the mobile market, up from 9.9 percent in the first quarter of 2008, according to the Nielsen Co.

Mobile data consumption has shot up 230 percent, from an average of 90 MB a month in the first quarter 2009 to an average of 298 MB a month in the first quarter of 2010.

While Research In Motion still holds the top spot, with 35 percent of the smart phone market share, Android and iPhone are both gaining.

Both RIM and Microsoft’s Windows Mobile were down 2 percent in the first quarter of 2010, while Android and iPhone were each up 2 percent for the quarter, according to Nielsen.

As of the first quarter of 2010, iPhone commanded 28 percent of the smart phone market, followed by Windows Mobile with 19 percent and Android with 9 percent. The remaining 9 percent was split between Palm OS, Linux and Symbian OS.

Apple has suffered some heretofore rare security gaffes in recent months, from the iPhone 4 prototype that an errant developer left behind in a bar to reports of hackers breaking into people’s iTunes accounts to rack up thousands in illicit app purchases.

And the company saw another setback when the influential Consumer Reports magazine declined to recommend the iPhone 4 because of reception problems.

Between the June 24 launch of the iPhone 4, and the morning of July 15, Apple’s stock had slid about 8 percent, to $249.38.