Smartphones outsold laptop computers for the first time and the trend is likely to continue as many people acquired a taste to leave their laptops at home in favour of the smaller, lighter devices.

While only a few mobile workers currently do all of their work on Smartphones, a survey from research firm In-Stat revealed that over 50% envision using Smartphones as their sole computing device in the future. Thus, security solutions must be in place to protect enterprises from vulnerabilities associated with this growing segment, keeping in mind that the advances in flexibility, power, and mobile access of handheld devices come with a risk. Popular features such as email and Internet connectivity, still-maturing protocols and practices, and expanded access to corporate networks and confidential information, expose enterprises to a vast and growing array of security threats. At the same rate technology makes progresses, cyber-attacks become more complex and sophisticated, including blended threats that can enter and infect multiple areas of an enterprise’s network. Protecting one part of a corpo¬rate network—for example, the network gateway—without protecting endpoint devices, such as handhelds, is a gift for hackers looking for new vulnerabilities and lapses in security coverage. So it is not surprising that handheld devices have become a growing target for malicious activity by organized criminals, who seek to exploit corporate IT vulnerabilities for financial gain.

Is security jeopardizing Smartphones’ popularity?

Smartphones, with their PC-like computing capabilities, are the fastest growing segment, as well as the most vulnerable to security risks of all handheld communication device categories. As they combine cellular phone capabilities with basic tools such as address books and contact lists, additional functionality like Bluetooth, MMS, and streaming video, plus more advanced features such as “push” email and Web access and the fact that they typically access corporate information, files, and resources over the Internet using software, specially designed for remote access and smaller user interfaces, gives an overview of lurking risks. However, given the changing business environment and ever-increasing capabilities packed into Smartphones, it is no wonder that they are rapidly becoming an indispensable part of business. Handheld wireless communication devices deliver real business value, allowing users to access information and applications like never before.

But here’s where it gets challenging. With features such as Bluetooth, MMS, email, and Internet access, handhelds are becoming a backdoor into corporate networks and a new target for malicious activity. Protecting the security at an enterprise perimeter level is not enough, not when endpoints such as handhelds can be used as an entry point for attacks or as a mechanism for spreading malicious activity like virus, worms, Trojans, spyware and other malware. The types of hand¬held threats are already broad and I don’t want to go into any further details here. Already over 400 different mobile viruses have been reported. Security experts and industry analysts expect this number to grow in much the same way that malware affecting PCs has grown over the past ten years.

Access to sensitive corporate data, often over unsecured wireless access points and networks, leaves businesses vulnerable to unauthorized access, loss or theft of data, including intellectual property and confidential customer information, and associated non-compliance with security regulations. Applications like online mobile banking and email expose users to the same types of threats facing PCs, confronting them increasingly with adware, spyware and phishing attacks.

Currently, the greatest threat to enterprises deploying handheld devices occurs when data stored on devices falls into unauthorized hands. An alarming number of devices are lost or stolen every year, and research shows that the vast majority contain confidential business data.

Growing market of handheld devices attracts attention of hackers

As Smartphone operating systems standardize and consolidate, hackers will be able to have an even greater impact for the same level of effort, that’s for sure.

So, let’s take a look at the most common operating systems in order to get a better overview:

• Symbian, an open OS dominated the market for quite some time, but has been outpaced now by  Apple’s iOS and the Linux-based Android OS, according to the recent Mobile Metrics report of AdMob.

• Apple’s iPhone entered the scene just three years ago and now dominates the market. Running on a mobile version of its Mac OS X operating system, the iPhone software has built-in support for a VPN client and supports a range of Wi-Fi Protected Access (WPA) protocols, focusing on multimedia features.
• But Linux operating systems for mobile phones are also on the rise, as seen with Google’s G1 Smartphone, running the Linux-based Android OS
• Palm OS is a proprietary embedded operating system used on some mobile devices and was a pioneer in Smartphones with the introduction and popularity of the Treo. Research In Motion (RIM) Blackberry devices use a proprietary multi-tasking OS and place special focus on email capabilities.
• Windows Mobile is a compact OS integrated into a suite of applications designed for mobile devices based on the Microsoft Win32 API and runs on multiple hardware platforms.

As malicious entry into any part of an enterprise’s network architecture can be lethal, vulnerabilities have to be addressed by protecting all endpoints, including PCs and handheld devices.

Therefore keep in mind the five primary components to handheld wireless communication device security which are secure remote network access, virus and malware protection, endpoint security policy compliance, data security, and centralized management.

If you are interested in reading the details on how to ensure security and stability of information and network assets, watch out for the second part of this article in the August issue of Asian e-Marketing.

Excerpt from Check Point - Handheld Wireless Security: Business-critical devices face new security threats.