Enterprise Mobile Device Security Components: Antispam

Antispam is another component of mobile device security. Antispam is the ability to identify and stop spam - typically in the form of e-mail - to the device, but for today’s mobile devices, the spam vectors increasingly include SMS as well. From your users’ perspective,a distinct difference between e-mail-based spam and text-messaging-based spam is the latter sometimes costs your users.

In response to this, carriers have been pretty active. In the United States, for instance, AT&T advertises a service called AT&T Smart Limits, which allows the user to block or allow text messages from certain users. Yes, it’s an opt-in, paid service that users have to subscribe to.

The other point is that there is a global uniformity component that needs to be factored in with any sort of solution you roll out. On the standards front, the GSMA (GSM Association), a consortium of nearly 800 members, has kick-started an initiative called GSM spam reporting service whereby users who receive spam can forward those messages to a standardized number. (It’s currently proposed as #7726, which spells SPAM on the handset.)

This is a neat way to build a database of blacklists for the spam operators and eventually use this information to build an in-network spam-blocking solution! Information about spammers will also be shared among participating members who will receive correlated reports with data on misuse and threat to their networks.

Antispam solutions - for e-mail or messaging - have more value if they're handled by the server rather than the client. This enables you to centralize the antispam solutions and apply remediation at the e-mail servers that you host - or apply it at your outsourced arm.

For SMS-based spamming, the service is typically provided by the carrier, so you should actively work with your user’s carrier, or educate your users about their carriers’ services, to arrive at a solution that satisfies your needs.

A new variant of mobile spam is the use of applications on the mobile device to expose a new threat vector. For example, the Facebook app on your users' devices is one of the most popular applications in use. Even though this isn't a mobile-specific spam vector, it's one that's growing in popularity using the social network applications for posting for spam and phishing attempts.

Facebook spam.
Facebook spam.

These kinds of social engineering-based spam are the hardest to mitigate and prevent, as these are predominantly tied to user behavior and tap into the psychology that the spammers become expert in exploiting.

blog comments powered by Disqus

Inside Dummies.com