Concerns about wireless security have been mounting over the past few years as rumors about mobile viruses, malware and other evils set fear into the hearts of CIOs everywhere. Despite obvious advantages of emerging wireless technologies, many businesses remain reluctant to deploy them due to perceived security risks. Those who do choose to go wireless direct too much effort at employing device-based malware solutions.
Gartner analysts, at the firm’s I.T. Security Summit meeting recently held in Washington, D.C., proclaimed several major security threats “overhyped.” Among them are vicious mobile viruses and super-worms, sabotaged wireless hotspots and unsecured VoIP. Gartner urges CIOs to relax and stop spending valuable time and funds on complex malware solutions that are mostly ineffective.
Gartner states that for rapidly spreading attacks to occur, several conditions must exist to enable them. Smartphones must account for 15 percent of all wireless phones in use, which is unlikely to occur before 2007. For the viruses and worms to be transmitted via executable attachments in wireless messages, 30 percent of users must commonly receive e-mails with attachments they open and launch. Although exchange of pictures and ring tones is already rampant, large-scale user-to-user sending of executables probably won’t be seen until the end of 2007. The diversity of operating systems currently offers some protection, as viruses can only be written for a specific OS, but the projected convergence by the end of 2007 will make mobile devices more susceptible to a worm or virus attack.
Every new technology is met with some concern, and the nature of wireless communication understandably magnifies the anxiety. Hype is augmented by anti-virus vendors that are eager for profitable opportunities. However, according to Gartner, mobile-based antivirus software is unlikely to work because many of these risks must be addressed in the network. Several wireless carriers, including T-Mobile, are already trying to filter viruses from the wireless networks before they can reach phones. Gartner believes that by the end of 2006, when the threats may actually materialize, mobile carriers will have developed sufficient software filtering capabilities to prevent attacks.
Gartner urges companies that are considering VoIP to calm their fears and switch. Security risks are still very low for IP telephony. Eavesdropping, the most exaggerated threat, is highly unlikely because it requires local area network-based access to the intranet. Thus the threat, should it arise despite standard preventative measures, will probably come from the inside.
“There are two major security issues that have slowed down the business use of wireless,” says John Pescatore, VP
at Gartner. “The first is the ability of outsiders to break into enterprise networks—’If I put wireless in my headquarters building, someone sitting out in the parking lot will be able to get on my corporate network.’ The second issue is giving the employees laptops with built-in wireless capabilities. Now somebody can attack their laptop—I can sit next to you in Starbucks or the airport lounge and see everything on your hard drive.” These intrusions, however, can be prevented, according to Pescatore, simply by turning on security. “With today’s wireless security technology, businesses can use wireless securely, but many of them don’t turn security on. Most wireless attacks take advantage of wireless access points that are left wide open. The threats are real, but stopping them isn’t all that hard.”