Enterprise Mobile Device Protection against Viruses
With the widespread use of applications that download attachments to the mobile device the need for virus-based protection is becoming critical. Keep in mind, however, that other mobile-specific attack surfaces (exposed areas that are vulnerable to attack by hackers) allow for other ways to infect the mobile. For instance one of the early mobile viruses would propagate itself by using MMS message attachments and Bluetooth.
These attacks use features found specifically on mobile devices – MMS, Bluetooth, and the contacts database – to compromise the device and propagate the attack.
Here’s how each mobile virus propagation technique works:
Bluetooth: This technology has come of age with the widespread use of hands-free devices as well as close-range device-to-device communication. The standard operating configuration for most users is to place the device in discoverable mode (so it can be seen by other Bluetooth-enabled devices nearby) or connected mode (which allows the device to be discovered and connected to). Viruses can be delivered to the device in either of these modes.
Note that this potential risk can be overcome by completely turning Bluetooth off so you eliminate the Bluetooth attack surface. However your users are not likely to do so because it’s not user-friendly. They’re much likelier to keep their phones both “discoverable” and “connected,” which makes them sitting ducks for virus attacks.
Messaging: Malware attachments can be appended to messaging services such as e-mail, MMS, or Instant Messaging. Typically the default configuration does not allow these attachments to unpack and run automatically; the user has to accept the attachment and open it and become infected. But you probably know the dazed look in your users’ faces when they see those deadpan warnings; expect some of them to ignore the warning and fall victim.
Downloads: This is probably the most widely used way to disguise and deliver malware. All the device needs is an Internet connection; the incoming malware-infected file can show up disguised as (say) a game, security patch, software upgrade, utility, shareware program, video, picture, you name it. Even worse, an infected server from a reputable vendor can cause even the most cautious users to become unsuspecting victims to file-based viruses.