Unsafe Surfing? Web Browser Security A Mobile Concern

By  Stephanie Blanchard, Assistant Editor — January 15, 2013

Mobile employees accessing the internet on their smartphones may not think they are at risk for hacking, but the enterprise should not be lax. The recent weakness in Java 7 security, affecting hundreds of millions of PC users, is a great reminder of the potential threats associated with web browsers in general.

On Thursday, January 10 the U.S. Department of Homeland Security warned web users to disable or uninstall Java software to thwart potential cyberthiefs from spreading malware and malicious software. Such programs could be used for identity theft, deploying bots that bring down the network and other high-tech harmful attacks.

In an uncharacteristic move, Oracle Corp. issued a patch just several days after the DHS warning. Normally, the company releases fixes on a quarterly basis. When installed, the patch addresses how Java applets and applications are run. Instead of launching automatically, users are now prompted to okay the execution.

Hundreds of millions of PC users are at risk although it has not been determined how many have actually been compromised. Symantec notes it is blocking 300,000 threats a day.

Mobile Phone Threat
Oracle claims that the recent risk only relates to Java SE 7 users and the CVE-2013-0422 security threat in particular.

"These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications," the company said in a security statement.

Unlike PCs, which run on SE 7, many smartphones employ the Java Platform, Micro Edition, designed for embedded systems. 

iPhones are not even in the same boat, since Apple has only recently allowed the programming language through a hybrid mobile architecture. (The late Steve Jobs, Apple founder, was quoted as calling Java a big heavyweight ball and chain, and not worth supporting.)

Regardless, mobile devices still have their own web browser threats.
A vulnerability known as CVE-2010-1807 affects the Webkit engine used by iOS, Android, BlackBerry and Windows. According to Juniper, attackers are targeting these vulnerabilities with "drive-by downloads." That is, when a user visits an infected website, malware is downloaded without the user's knowledge.

Mobile Malware: Bad for Business
As confirmed by Kapersky research, 2012 saw explosive growth in mobile malware.

Needless to say, mobile malware can easily disrupt the business processes and cause financial headaches as well as security breaches. A virus can hack a device's email, get a hold of all its contacts, steal data, send out nasty spam or simply delete information. Phones can become unusable if infected or locked.

Some malware can actually access the device's camera to take photos at random. In addition, "fake installers" take over applications, turning free apps into pay services via premium SMS messages.

For IT departments in charge of a BYOD environment, it's enough to make an already difficult job all the more challenging. Here are 10 Tips to preventing threats to enterprise data.

POST A COMMENT

comments powered by Disqus

RATE THIS CONTENT (5 Being the Best)

12345
Current rating: 0 (0 ratings)

MOST READ STORIES

topics

Must See


FEATURED REPORT

Mobility Outlook 2015: People & Process Coming Together

The progression of mobility in the enterprise so far is akin to a child entering its early awkward teenage years, according to 451 Analyst Chris Marsh. How will this change in 2015? What trends need to go and what's coming? This exclusive report explores looks ahead and Marsh provides practical recommendations.