Small Business Attack – Mobile Attack
- At November 11, 2009
- By Josh More
- In Business Security
Despite all the humorous commercials to which I am now receiving links, you may have in your possession an iPhone. You may have even gone through the lengthy process of installing unofficial software on it. So there you are, all happy with your fancy toy and feeling smart about yourself. Then, one day, you turn it on and instead of getting your normal pretty backdrop of a baby hedgehog you get a photograph of Rick Astley… which isn’t quite the same thing, really.
It sounds far-fetched, but that’s exactly what happened to a large number of iPhone users over the weekend. A worm was launched that specifically targeted iPhones and spread over the web in just a few hours. Now, in this case, the author was just trying to make a point, and the media is generally taking a light view of things… after all, Rick Astley is funny, right?
Let’s take a different view of the situation.
Suppose that, one day, you turn on your iPhone and instead of getting your normal pretty backdrop of a baby hedgehog you get a photograph of Rick Astley. You shrug, go on with life and check your email. While you check your email, you notice that things are a bit slow, but hey, it all works. You put your iPhone back in your pocket and head over to work. When you get to work, you see an upset security officer standing in your office, who informs you that someone hacked into your iPhone, copied all your email when you checked it, accessed your VPN password, used the VPN password to get into your network and download all your files, including the one containing access to your company’s bank account, and transferred all of the money overseas.
That’s a bit more than an amusing little attack, isn’t it? However, to be fair, it is a little bit unrealistic. Let’s take a more realistic view:
The exact same things happened, but the security officer wasn’t waiting in your office for you. In fact, the security group didn’t even know what was going on until the accounting group called and let them know… which happened after they found the problem and were able to determine that it wasn’t an accounting error… which was in excess of the normal 48-hour window and now the money is gone, the business is going under and it’s your fault because your iPhone got hacked.
The risk here is that iPhones, Blackberries, Palms, Droids and the like aren’t phones. They’re little portable computers that work just like phones. More than that, they’re little portable computers that are always attached to the Internet, have no firewall, don’t run antimalware and are often connected directly to your network.
The fact that the first big worm just changed the background proves that we’re really lucky and should view this as a wake-up call.
Are you awake yet?