
HTC breach a reminder on mobile security

HTC's rapid acknowledgment of a confessed "serious" security exploit, discovered and published this week by security researchers, may ultimately help deflect criticisms

It's hardly the kind of thing any company wants attached to its name, but HTC's rapid acknowledgment of a confessed "serious" security exploit, discovered and published this week by security researchers, may ultimately help deflect criticisms and will, regardless, serve as a valuable reminder to CSOs that mobile devices represent a new and still-evolving security threat within the enterprise.

That's the consensus after the bug was published by researchers Trevor Eckhart, Justin Case and Artem Russakovskii, who contacted HTC with news of the vulnerability they had discovered and waited five days without a response before pantsing the company in front of the security and mobile worlds.

The resulting admission involved the kind of PR contrition that no company wants to have to face, but the fast-growing Taiwanese mobile maker has subsequently rushed to patch its Sense user interface to prevent exploitation of the bug, which allows malicious apps to obtain information including user details, calling history, SMS logs, and more.

HTC Australia declined to speak about the bug, offering only its standard statement that

"in our ongoing investigation into this claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application….potentially acting in violation of civil and criminal laws….As always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources."

The fact that the bug was exposed before HTC had time to fix it left some security commentators incensed and more than a little concerned, but CSOs may find temporary consolation in the relatively low penetration of Android handsets in Australian businesses.

While IDC Australia's latest Mobile Device Tracker research suggested Android phones were our second most-popular smartphones with 30 percent market share behind the nearly 40% market share of Apple's iPhone, surveys indicate that the iPhone has a much larger presence within businesses.

A recent survey by Intermedia, whose ActiveSync hosted mail service supports a range of devices, suggested the iPhone accounted for 61% of smartphones in businesses and Android, just 17% (for the record, Apple's iPad outranked Android-based competitors by 99.8% to 0.1%). These figures aren't likely to be helped by the ongoing discovery of vulnerabilities in Android smartphones, which have suffered a flood of security breaches as a 400% year-on-year surge in the volume of Android malware keeps Google – and businesses in the field – on their toes.

Could the ongoing spate of vulnerabilities damage Android's credibility with enterprise security executives? Yee-Kuan Lau, market analyst with IDC Australia, isn't entirely convinced.

"It would be too precipitous to say Android-based smartphones are not appropriate for business usage as a result of this one incident," she explains.

"Every platform has inherent security risks and this will be no different for Android as for other mobile OSes. Organisations should be utilising a range of security solutions to ensure secure access to apps and data regardless of the kind of device that is chosen. The question of appropriateness for business comes down to the organisations' goals and ICT imperatives."

It could take a while for the industry to catch up, however. New solutions such as Symantec's Data Loss Prevention for Tablet are designed to let security staff restrict the flow of information from iPads, which, like USB memory sticks, have emerged as another of the significant mobile data holes.

Symantec debuted its iPad version of the software this week, but it will be next year before an Android equivalent debuts; in the meantime, CSOs contemplating management of Android will have to rely on more conventional techniques such as careful patching, user education – and, of course, the regular crossing of fingers.
 
