Mobiles Get Sick Too, and Other Cyber Security Issues

Paid to be paranoid

by / December 19, 2006
This holiday season, many people will be receiving new mobile devices. It is always exciting to unwrap the latest technology -- cyber criminals find it just as exciting as we do.

For many years we have used individual technologies for specific purposes: cell phones for making calls, PDAs for data storage, MP3 players for music. But the trend toward convergence leads to security issues which may have escaped notice. Mobile devices are just as susceptible to malware as computers according to Cyber Security: What Does the Future Hold? Webinar presenter Mark Fabro, chief security scientist with Lofty Perch Inc. At the Webinar, hosted by the Multi-State Information Sharing and Analysis Center, Fabro said that there are many viruses designed specifically for infecting mobile devices, such as a recently discovered BlackBerry Trojan.

Attackers use e-mail, Internet and other messaging connections to introduce malware into mobile devices. It is also believed that attackers will begin to use screensavers, games and rogue ring tones to gain access, as well as the possibility of using Bluetooth technology. There have already been instances of malware found on certain car navigation systems which utilize Bluetooth.

People must assume that their data will be targeted -- regardless of device -- and must therefore encrypt their information.

"We get paid to be paranoid," he quipped.

Fabro presented a list of must have components for personal encryption:
  • If data is stolen it should be mathematically improbable to be decrypted
  • Capability to easily create and manage keys for offline storage
  • Total directory encryption and on-the-fly decryption
  • A robust help capability
  • Capability to send secure packages with other users of the technology
  • Shredder functions and secure delete
So we decide to discard our old mobile devices. It is important to know that even if our personal information is deleted from a device, there is still the possibility that it is only de-referencing where the information is stored. A hacker could easily retrieve that information. In one case, Trust Digital was able to retrieve 27,000 pages of data from 10 used phones. The information discovered included credit card numbers, chat logs, e-mails and passwords.

Fabro explained that when discarding devices always remember:
  • "Hard resets are required
    • Return the item to factory defaults
    • Try 15 bad passwords to overwrite flash memory
  • Consider commercial secure delete tools
  • Don't store sensitive data on your phone such as banking or medical information and passwords
  • Back up personal information onto your computer (and encrypt it)
  • Set a strong password to lock the phone when you aren't using it for long periods of time and boot-up
  • Don't use a password that's easy to guess or the phone's default setting
  • Investigate policies that are available for your organization"
And make sure that the devices are DED by Degaussing, Erasing programs and Destroying data.

If all else fails, or even if it doesn't, we can always take more drastic measures to keep our personal information safe. (Fabro reminds people to wear their protective eyewear when taking hammers to their cell phones).

Gina M. Scott Writer