Check out our previous article
Wireless Threat
As mobile devices are quickly becoming a personal necessity, the opportunities to introduce malicious threats into an enterprise network are increasing. With their typically small size, wireless devices – likely to contain sensitive company information – are more vulnerable to theft or loss. In addition, these devices are typically purchased by the individual, not the enterprise and are brought into the enterprise environment. As such, enterprises do not have the same control of usage as they would with a company-issued device (e.g. laptop).
The list of vulnerabilities in wireless devices is growing almost daily. Although not yet exploited widely, vulnerabilities in wireless devices have been identified, which open up potential points to launch attacks on enterprises. Vulnerabilities have been found in PocketPC and Symbian operating systems, along with weaknesses with Bluetooth technology.
Does Symantec view mobile devices and wireless as another potential tier for hackers to infiltrate in an enterprise network?
Wireless is not “another” tier but an extension of the client tier that is growing rapidly. Based on IDC data, worldwide converged mobile device shipments are expected to grow at 47.1 percent CAGR between 2003 and 2008. Wireless subscribers are expected to reach 2 billion users by 2008. As mobile devices are quickly becoming a personal necessity, the opportunities to introduce malicious threats into an enterprise network are increasing.
What does Symantec see as potential threats for wireless devices and networks?
The threats for wireless devices are similar to those of other endpoint devices but greater in some cases. In addition to the necessary protection from malicious code, SPAM, spyware, and content filtering, wireless devices must be protected against theft or loss because of their small size. The smaller the device the easier it is to lose it. The ability to lock or encrypt the data is essential, as well as the ability to “wipe” data from the device once it is known to be lost.
From the network side, in addition to existing network threats, data is at risk over the air. If appropriate precautions are not taken, information can be stolen or corrupted in-transit. It also introduces the potential of bandwidth stealing where an individual or organization is not doing anything malicious except for using your bandwidth for internet access.
What types of threats exist today that can compromise wireless devices and networks?
The list of vulnerabilities in wireless devices is growing almost daily. Vulnerabilities have been found in PocketPC and Symbian operating systems, along with weaknesses with Bluetooth technology. One example, from the Symantec Security Response: SymbOS.Cabir is a proof-of-concept worm that replicates on Series 60 phones. This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. For example, even a Bluetooth-enabled printer will be attacked if it is within range. The worm spreads as a .SIS file, which is installed into the APPS directory.
A second exploits PocketPCs. Backdoor.WinCE.Brador.a targets PDAs running PocketPC and is a classic Trojan backdoor program, which could expose handheld devices to remote exploitation. A third is a Bluetooth vulnerability which can let an attacker remotely download contact information from victims' addressbooks, read their calendar appointments or peruse text messages on their phones to conduct corporate espionage. An attacker could even plant phony text messages in a phone's memory, or turn the phone sitting in a victim's pocket or on a restaurant tabletop into a listening device to pick up private conversations in the phone's vicinity. Most types of attacks could be conducted without leaving a trace.
