Tag Archives: pda

What are you and your organisation doing about Android security?

At the RANT Forum (Acumin’s monthly information security networking event), attendees often complain that they are playing catch up to cybercriminals. It is the bad guys that define the market, they are at the cutting edge as they try and find vulnerabilities, attack vectors, and exploits that will allow them to break in to a network. It is difficult enough for the CISO and Info Sec Manager to ensure that they are recognising and mitigating the appropriate risks, let alone trying to factor in emerging threats such as zero days and second guess the nature of the next generation of hack attempts.

This idea of playing catch up in IT security also extends in to new technology areas, the corporate line often requires some maturity before implementation of new products. This has not necessarily been the case with smartphones. By smartphones I refer here not to the old school PDA-type devices we enjoyed at the turn of the millennium – my guilty pleasure on that one is here! Rather I mean the combatting trinity of iPhone, Android, and Blackberry… sorry WinMo7, you are underappreciated indeed!

There must be few technologies that have been so rapidly integrated in to corporate environment, let alone being driven by users. Early adopters usually spend hours going blue in the face trying to explain why gadgets like the Psion Series 3 are the ‘next big thing’, with the emergence of shiny and gimmicky apps, the ‘Wow factor’ of the modern smartphone has spread like wildfire (not the HTC Wildfire, which would spread slowly due to an underclocked and underspec’d CPU!).

So, when the CEO (or his/her designated errand runner) knocks on the door of the info sec team, it is a brave IT Security Manager who will cautiously lean out from behind the firewall cluster and inform them that the proper security controls haven’t been developed and implemented yet to let the boss’ new toy run riot on the network. So what do you do?

We find the information security industry, both in terms of vendors and internal security, looking to develop protective measures for what is essentially a pocket computer (a proper one with RAM and CPU to match the claim, as opposed to this.) With such rapid technical innovation in terms of hardware and software it is difficult to keep abreast of emerging threats and how to counteract them.

Android here probably stands as more of a challenge than the iPhone here – its users are typically more technical and are allowed greater freedom by the OS to chop and change. This means that control becomes difficult, especially with the wide number of devices and various incarnations of the operating system. The iPhone with its proprietary nature is an easier beast to tame. So if you’re looking to find out more about the threat landscape on Android, as well as some of the potential vulnerabilities and counter actions you can take as both a personal and business user, take a look at the Acumin white paper on Android Security.

– Ryan Farmer

rfarmer@acumin.co.uk