Archive for September, 2011

Mobile Security’s Future: 4 Expert Predictions

September 28th, 2011 No comments

Mobile Security’s Future: 4 Expert Predictions

Despite gloomy predictions, the amount of malicious software affecting mobile devices today is miniscule, primarily because mobile app stores act as a first line of defense against the pernicious programs. Also, criminals have not seen massive potential for profit on the devices–yet.
“The bad guys care about money, like credit-card information,” says Charlie Miller, principal consultant with security compliance firm Accuvant. “Phones are full of personal contacts and embarrassing stuff, but not things that are easily monetized.”
Traditionally, IT works in a break-fix mode within operational silos.

Discover the benefits of a holistic approach to IT management.
The lack of obvious ways to profit from hacking phones has left them fairly free of attack. Yet, the historical lack of malware looks ready to change, which means that users will not be able to solely rely on app stores to protect them. Here are four predictions for the future of mobile security.

1. More Alluring Means More Threats

Charlie Miller, principal consultant at Accuvant, says certain characteristics of smartphones have dissuaded criminals from focusing on attacking the devices. They include the fact that smartphones have not historically accounted for a large share of the mobile market, that there are a handful of platforms, and the data on the phones has never been that valuable.

Each of those points is now changing, and that means that workers and consumers can expect their phones to be targeted, he says.

“As more people put sensitive data on their phones or use their phones to do sensitive things, like banking or shopping online, then slowly the malware authors and cybercrminal-type guys are going to go after the devices,” says Miller, who successfully compromised an iPhone 4 at this year’s Pwn2Own competition at CanSecWest. “Smartphones are a little more locked down then PCs, but the bad guys will be able to exploit them.”

[ See how one company provides security for Android smartphones ]

The introduction of a number of digital wallet programs that allow users to pay for goods using their phones is likely to attract more attention from criminals, he says.

The code review carried out by Apple eliminates many threats to that company’s iPhones and iPads. Even in the absence of code review, Google’s Android Marketplace, the open-source equivalent to Apple’s closed-source store, can quickly remove any malicious apps and remotely delete them from users’ devices. Yet, mobile-device users should not merely rely on the software ecosystem to keep malware off their phones, Miller adds. Even though Google has the ability to remove malware from a phone, the program could still do bad and irreversible damage in a short time.

“While you don’t have worry about the [malicious] app being there forever, the bad thing is that someone might have all your data, at that point,” he says.

2. Work Separates From Play

William Enck, an assistant professor at North Carolina State University, says another major change in the way people interact with their phones will be the introduction of ways to separate work applications and data from a person’s personal data and programs. Enck co-authored a paper presented at the USENIX Security Conference on Android security.

“You are running business software on this phone that you are doing personal stuff as well–that’s a concern for companies,” Enck says. “There is a need for providing systems to create some separation between the apps you are running personally, and the apps you are running for business.”

While some consumers will only want one instance of some programs, such as the address book, other programs have specific business functions. Virtual private networking software, data viewers and visualizers that handle corporate data, and collaboration software could all be run in a separate virtual instance on the device to protect the applications and data from unauthorized use, he says.

“Phones may, in the future, have the ability to give certain guarantees of confidentiality for certain data, while allow other applications to interact as necessary,” Enck says.

RIM’s Balance for the BlackBerry separates the personal and work aspects of a phone. VMware has teamed up with LG to sell a smartphone with two virtual instances on it–one for business use and another for personal use. VMware has broader plans for mobile, as well.

3. Patching Becomes Quicker

Tim Vidas, an Android researcher at Carnegie Mellon University, notes that the chain of software suppliers for most smartphones is a long list. Once a vulnerability is spotted, it has to get fixed by the developer, added to the latest Android operating system by Google, recompiled into the manufacturer’s version of the firmware, and checked by the carrier. In all, it can take months, if not years, for a security patch to reach the user’s phone.

Patches have to come faster, so as not to leave phones vulnerable to attack via known flaws, says Vidas, a PhD student in the department of electrical and computer engineering at the university.

“You could differentiate the patch cycles for security versus features,” Vidas says. “Then, when Google makes a security patch available, that could go directly to the phone.”

Google has not commented on its plans to speed patching, except that it is working with handset makers and carriers on the issues. Apple is moving to over-the-air updates in iOS 5, which will increase the likelihood that a patch will actually be installed on a user’s phone.

Until then, mobile device management companies will have to find ways to protect the phone even if a patch is not available.

4. Location Tracking Does More

While location-based services have become common for mapping applications and some advertising services, they also may start becoming a way to automate security.

Wiping a phone that is lost or missing is only the most basic version of this capability. Some mobile-device management and wireless-security applications can change which applications can use the Internet based on whether an employee is in the office or at home. Stock brokers on the trading floor, for example, would not be able to use social-networking applications.

“We want to them to have full functionality when they are in their home or in the parking lot, but when they are in the company, we don’t want any third party that has a footprint on the device to listen in,” says Tom Kellerman, chief technology officer of wireless security firm AirPatrol. “We can triangulate the specific location of a device and push that information to be acted on by various other services and software.”

Paired with the increasing ability of mobile devices to segment work and personal data, these applications could prove even more helpful to enterprises.

Security pros weigh in on major trends that will change the way enterprises handle mobile threats, such as separate personal and work spaces on devices and faster patching.
By Rob Lemos, InformationWeek
September 28, 2011

Categories: Uncategorized Tags:

Google Pushes Mobile Site Optimization

September 27th, 2011 No comments

Google will introduce mobile optimization of Web sites for AdWords campaigns to drive mobile search traffic. On average, Google expects the ads to accelerate mobile traffic at lower costs.

The move follows last year’s decision to limit ad serving on high-end mobile devices when pointing to landing pages with Flash-heavy content. Both changes aim to give consumers better experiences on mobile devices. Sixty-one percent of users who participated in a recent Google study said they are unlikely to return to a Web site they had trouble accessing from their phone.

Sonja Lee, Google product marketing, said Wednesday that more than 925,000 mobile devices are activated daily. Mobile queries on google. com during the holiday season grew nearly three times from 2009 to 2010, and the company projects much higher growth in 2012. Google estimates that 44% of all shopping-related searches in the U.S. will come from mobile phones during the holiday season.

Developing a mobile site requires that goals be defined to support everything from an informational landing page to a product-specific microsite. Marketers need to analyze Web site tracking to see how mobile visitors interact with the desktop site.

A key foundation for mobile strategies includes setting up separate mobile-only campaigns and thinking local. Separating mobile ads improves click-through rates, on average, of 11.5%, according to Google. Once mobile campaigns are in place, optimize and set bids.

While ad space is limited on mobile phones, they are more prominent compared with desktop search. Marketers need to bid for either the first or the second position. Anything else serves up below the organic search results. Google released a new optimizing tool to adjust bids and analyze performance. When possible, provide a call to action appropriate for mobile users, such as “Call today for a quote” or “Browse our catalog from tablet.”

Creating mobile campaigns may require using a mobile-specific keyword tool that can help to find mobile-specific keyword ideas and traffic estimates. Local interest enhances mobile advertising. One out of three searches on mobile has local intent on And Google research shows 61% of users call the business after finding it from a search on a mobile ad, and 59% visit the physical location.

Iphone 5 in Demand

September 13th, 2011 No comments

Turns out the tech press isn’t alone in lusting after the phone Apple is expected to unveil within the next month. More people are likely to buy the iPhone 5 than were ready to put their money down for an iPhone 4 before that launched, according to a survey of 2,200 potential cellphone buyers.

The survey, conducted last month for ChangeWave Research, shows that 31% of customers who are currently shopping for a new phone consider it “very likely” (13%) or “somewhat likely” (18%) they will end up with an iPhone 5 in their hands. Compare that with the numbers for the iPhone 4 — 12% and 13% respectively — and what you have is a level of pent-up demand that is unprecedented in surveys like this.

Of course, that’s largely a function of the fact that we’ve had to wait so long for the iPhone 5. Its predecessor is nearly 15 months old at this stage; that’s a lifetime in cellphone years. Some 66% of current iPhone owners say they plan to upgrade to the new model, sight unseen. That includes a whole lot of iPhone 3GS users — myself included — who opted to skip a generation.

There’s also some interesting news for Sprint in the survey: Fully 54% of their subscribers say they are “significantly likely” or “somewhat more likely” to buy the iPhone 5, which reports suggest will be launched on Sprint complete with an unlimited data plan, of the kind that AT&T and Verizon no longer offer. But it may be a case of being careful what you wish for. If current iPhone usage is any indication, the amount of bandwidth those customers will suck up may be more than Sprint can profitably afford.

Categories: mobile Tags:

Using Gmail, Docs, Calendar without internet !

September 2nd, 2011 No comments

The great thing about web apps is that you can access all of your information on the go, and we’ve introduced ways to use Google Apps on a variety of devices like mobile phones and tablets. But it’s inevitable that you’ll occasionally find yourself in situations when you don’t have an Internet connection, like planes, trains and carpools. When we announced Chromebooks at Google I/O 2011, we talked about bringing offline access to our web apps, and now we’re taking our first steps in that direction. Gmail offline will be available today, and offline for Google Calendar and Google Docs will be rolling out over the next week, starting today.

Gmail Offline is a Chrome Web Store app that’s intended for situations when you need to read, respond to, organize and archive email without an internet connection. This HTML5-powered app is based on the Gmail web app for tablets, which was built to function with or without web access. After you install the Gmail Offline app from the Chrome Web Store, you can continue using Gmail when you lose your connection by clicking the Gmail Offline icon on Chrome’s “new tab” page.

Google Calendar and Google Docs let you seamlessly transition between on- and offline modes. When you’re offline in Google Calendar, you can view events from your calendars and RSVP to appointments. With Google Docs you can view documents and spreadsheets when you don’t have a connection. Offline editing isn’t ready yet, but we know it’s important to many of you, and we’re working hard to make it a reality. To get started using Google Calendar or Google Docs offline, just click the gear icon at the top right corner of the web app and select the option for offline access.

IT administrators can deploy Chrome Web Store apps to users en masse by setting up organizational policies for Chrome.

Today’s world doesn’t slow down when you’re offline and it’s a great feeling to be productive from anywhere, on any device, at any time. We’re pushing the boundaries of modern browsers to make this possible, and while we hope that many users will already find today’s offline functionality useful, this is only the beginning. Support for offline document editing and customizing the amount of email to be synchronized will be coming in the future. We also look forward to making offline access more widely available when other browsers support advanced functionality (like background pages).

Categories: google Tags:

Switch to our mobile site