Why profit-driven iPad exploits are inevitable
Posted on | February 26, 2011 | 1 comment
One of the most bedeviling conundrums corporate IT managers face today is how to deal with the security of mobile devices. The topic was addressed at the Mobile Security Symposium in SF on Feb. 14
There are more questions than answers, at this point, about how all of this will play out in the months ahead.
In this LastWatchdog guest post,  Laura Mather,  founder and VP of Product at SilverTail Systems, examines a few of the wider consumer security and privacy implications. SilverTail  supplies website traffic monitoring services.
Mather
By Laura Mather
The increasing popularity of tablets, like the iPad, makes online shopping more convenient and fun! Given this convenience, there are certain risks that consumers should be aware of when shopping with these tools.
As the device adoption rate increases among consumers, it is only logical that criminals will find a way to exploit these devices, such as tablets. For personal computers and laptops, the hot attack vector this year is malware. Criminals convince consumers to visit a website that contains malware and if the computer is not protected, the malware is installed on the machine. Malware of this form can do everything from keystroke logging to Man-in-the-Browser attacks.
There has been a consistent trend with malware – it targets the devices that are the most popular. Traditionally, most viruses and malware have targeted Windows-based machines. Crime is a business, too, and criminals need to get the best return on investment. The way to do that is to build attacks that apply to the vast majority of people. With the popularity of Apple computers on the rise, malware is becoming more of a threat to these devices.
The question to address – have any malware incidents been reported on tablets? Not yet. However, given the enormous popularity of these computing devices, and the breadth of information that is passed through them on a daily basis, it is only a matter of time (i.e. weeks or months) before we start to see malware specifically built to target them.
How can you protect yourself from these types of attacks? The good news is that the strategies are almost identical to what you would do on your PC or laptop. If you are using a web browser, be careful of what links you click on – only visit websites you trust. Monitor your credit card statements and make sure there are no unauthorized charges. During the holidays it’s a good idea to check them once a week. This helps keep you on track with your budget, too!
One difference with tablets compared to the PC environment is apps. It’s true that apps are very similar to software downloads, but there is one big distinction with apps: you usually obtain the app from an aggregator (e.g., iTunes, Android Market, etc.). This is a good thing since these aggregators will typically vet the apps before they make them available through their service. iTunes is known for their good reputation and high quality apps. The Android market appears less rigid about the restrictions of what can be added. They do remove malicious apps after they’ve been reported, but we’ve also heard of cases where apps that steal passwords were made available for weeks before any action was implemented.
As technology advances, it is important to be aware that the criminals will advance with it. Be vigilant!
About the author – Laura Mather, Ph.D.,  is the founder and VP of Product  at Silver Tail Systems.  She is also the Managing Director of Operational Policy for the Anti-Phishing Working Group where she drives internet policy to fight electronic crimes of phishing, pharming and spoofing.  Prior to co-founding Silver Tail Systems, she spent three years in fraud prevention and anti-phishing at eBay, and before that she was a Director of Research and Analysis for the online division of Encyclopedia Britannica, and a research analyst for the National Security Agency.
Comments
1 Comment »
RSS feed for comments on this post.
I disliked this article.
Comment by Joel — 7/30/2011 @ 8:23 am