Enterprise Mobile Device Security: Spyware Dangers

By Rich Campagna, Subbu Iyer, and Ashwin Krishnan from Mobile Device Security For Dummies

Spyware on the enterprise mobile device not only consumes bandwidth and computing resources but exposes the enterprise to liability issues, security risks and limits productivity. But how does it get on the device?

One of the most popular applications on the mobile device is SMS — and this popularity has not been lost on the hackers! As mentioned earlier — and it bears repeating — spyware is a real threat. One particular variety manipulates SMS messages and exposes them so they can be read by others in the near vicinity.

Given the ubiquity of SMS, it provides a compelling attack vector for hackers to exploit, and an innocuous-looking SMS can result in an inadvertent installation of spyware by the unsuspecting user. This spyware then scans through the contact database of the user and starts spamming the user’s contacts via any means possible, including SMS, e-mail, or even a call to the contact.

So what can you do? Again the same refrain — education, education, education. You users need to adopt these practices:

Be wary of any unsolicited SMS and don’t click any embedded links in the SMS.
A rapid drain in battery usage should serve as a warning that spurious applications may be at play. You need to get the device inspected by a technical expert. If it’s an enterprise-issued device, contact IT; if it’s a personal device, contact the service provider or other reputable third-party.

You need to be vigilant in keeping up with the variety of SMS-related threats prevalent in the mobile device ecosystem. At a minimum, work with the service provider for the enterprise-issued handsets to negotiate a service contract that includes a device replacement policy as well as a service for cleansing infected devices of spyware.

The provider may also offer an SMS-related security service that you should consider seriously if there is an uptick in user complaints.