Tag Archive for Mobile

Mobile Malware FUD?

Just last week, I wondered out loud from my Bach Seat if all the hype around mobile malware was real or just more FUD. Looks like I am not alone: TechCo recently asked a similar question, “Are We Overstating the Threats from Mobile Devices?”

The author cites several recent reports that back up the claim that the actual threats mobile devices introduce into the enterprise are overstated. The data indicates that the mobile malware threat is statistically small and has even decreased since 2012.

• A McAfee report shows that, out of all the malware now out there, only 1.9% of it is mobile malware. The author equates the mobile threat to 4 million out of the 195 million McAfee knows about.
• Another report (PDF) from Verizon (VZ) shows even lower numbers, with only 0.03 percent of smartphones being infected with what is called “higher grade malicious code.”
• But some numbers go even lower than that. Damballa, a mobile security vendor that monitors roughly half of mobile data traffic, recently released a report that claims you have a better chance of getting hit by lightning than by mobile malware. Damballa found only 9,688 smartphones out of more than 150 million showed signs of malware infection. If you do the math, that comes out to an infection rate of 0.0064 percent.

Even more interesting is that despite the increase in mobile devices, Damballa found the infection rate had declined by half compared to 2012.

These reports may show mobile threats aren’t as big of a problem as previously thought, but the author asks why the numbers are so low at all. After all, cybercriminals like to target new platforms and exploit security weaknesses. Why do they seem to be avoiding mobile devices?

The truth of the matter is that mobile users tend to get their apps from high-quality app stores. The stores from Google (GOOG) and Apple (AAPL) work to filter out suspicious apps. If malware is found in an app after it has already been on the market for a while, app stores can also execute a kill switch, which takes the app off the store and off the devices where it was downloaded. This limits malware’s ability to spread.

The article concludes that companies that adopt BYOD shouldn’t just ignore BYOD security; they just don’t have to go all-out as many businesses have done. Most mobile security experts say a mobile device management system remains a good investment to make sure mobile devices are handled appropriately. MDM systems also allow an organization to remotely wipe devices, thus keeping sensitive data safe in the event a device is lost or stolen. But malware really isn’t a factor in those cases, so the overall message from these recent reports is that getting worked up over mobile threats is not necessary. A company can still gain all the benefits of BYOD without having to worry incessantly over what they’re doing to protect every device that connects to their network.

rb-

What do you think?

Is mobile malware over-hyped FUD?



Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Tablets Still Don’t Rule the World

The rise of tablets like Apple’s (AAPL) iPad, Samsung’s (005930) Galaxy Tab, and the Google (GOOG) Nexus has grabbed PC buyers’ attention and dollars for several years at the expense of the PC market. Lately, however, it seems that the carnage in the PC market has stabilized. And the growth of the mighty Apple iPad has plateaued.

[Figure: iPhone, iPad, and iPod sales from Q1 06 to Q3 14 (in million units) | Statista]

Could this be because there is no real business case for tablets? After being on the market for several years, they have not replaced the PC at work. Don Reisinger at eWeek recently put out 10 reasons why tablets still cannot replace PCs, where he argues that the Post-PC Era is not yet a done deal. He argues that, despite their popularity, tablets still aren’t powerful or capable enough to replace PCs. He states in the article that tablets cannot–and will not–replace PCs. Let’s look at his reasons why.

1. Component power

Over the last few years, mobile components running in tablets have gained in power. However, processors such as NVidia’s (NVDA) Tegra 3 or Apple’s A6X still pale in comparison to the power delivered in PC chips from Intel (INTC) or AMD (AMD). Until that changes, tablets can never replace PCs for the power-hungry users among us, the author says.

2. App availability

Apple’s App Store now offers over 800,000 applications. And although many of them are worthwhile downloads, few actually deliver the complexity and sophistication customers would find in Microsoft (MSFT) Windows or OS X. Nowhere is that more clear than in the comparison of Office on mobile and PCs. eWeek says that until apps gain in sophistication, mobile can never keep up.

3. Virtual keyboards aren’t loved

The problem with all tablets is that they come with virtual keyboards. And although more people are warming to virtual keys, there are still many folks around the globe who like having the standard physical keyboard found in PCs. The blog asks, why not? Typing on traditional keyboards with two hands is far more accurate and efficient.

Paul Mah at FierceCIO echoed the author, citing the virtual keyboard as a reason he does not use a tablet as his primary work device. I have struggled with iPad virtual keyboards, and yes, I did try Bluetooth keyboard cases and found them disagreeable.

4. Windows is the enterprise’s favorite

The article notes that Microsoft holds a dominant position in the enterprise. Tablets are just one front on that battlefield. The enterprise is adopting tablets at a rapid rate. But that doesn’t mean that the corporate world is ready to drop Windows for iOS or Android. In fact, Windows is still the most important software solution for enterprise users. Granted, Microsoft is bringing Windows to tablets, but for now, those products aren’t proving popular. Until they do catch on, PCs will win out.

5. Think about enterprise productivity

Productivity in the enterprise is extremely important. And on that front, Mr. Reisinger says PCs are still winning out. Forbes recently estimated that MSFT Office market share will drop from its current 95% to 90% by 2016. Notebooks deliver the same level of mobility as tablets, and desktops deliver the power that designers and other employees might need. Simply put, PCs are still the ideal productivity-maximizing solutions for enterprise users.

6. Tablet prices are still too high

Tablets are expensive. The latest iPad launch can set customers back $929 for 128GB of storage and 4G LTE support. A more powerful notebook can be purchased for several hundred dollars less. The author believes that given the state of the economy and the fact that many tech buyers are looking to save cash wherever possible, PCs can’t be considered obsolete in their battle with tablets.

7. Notebooks are turning into tablets

eWeek points out that PC vendors have made the smart decision to cut off the rise of tablets by delivering touch functionality in their products. Lenovo’s Yoga, for example, has a screen that can swivel around and sit atop the keyboard to act as a tablet. As more notebooks take on tablet functionality, devices like Apple’s iPad might look like an awfully poor value for the price.

8. More options across the PC market

The sheer number of options available to customers in the PC market is something that can’t be overlooked. From notebooks to laptops to desktops to ultrabooks, there’s something for everyone. Best of all, the components in those products can be customized to match the respective customer’s needs. The blog concludes that choice, outside of storage space, is something sorely lacking in the tablet market. And customers know it.

9. The security advantage is going away

When tablets started to make inroads into the PC market, many speculated that it was because of the comparative safety that went along with using such products over notebooks. Now, the author says things have changed. Android is the top target for malicious hackers now, according to several security reports, and has become the next frontier in malware. That could prove extremely troublesome for tablet adoption if things continue to get worse.

10. Tablet OSs need to grow up

Android and iOS, the two most popular tablet operating systems, are nice and effective in the mobile world. But they haven’t grown up yet. Mr. Reisinger says Apple’s iOS lacks a file system. Android comes in too many flavors for customers to get comfortable with its functionality. Mobile operating systems have to grow up. If they don’t, tablets will never match PCs.

rb-

I just got back from the annual run to the big-box store for Christmas shopping and saw another reason the tablet still does not rule the world: phablets. Some of these things are just as big as an iPad Mini. Now it’s time for a good Gin and Tonic after facing the holi-dazed shopping hordes.

Dell and Intel released a report [pdf] that says the desktop is still the workhorse of the average office. They found that 77% of office tasks are completed with a traditional PC.


Don’t Drain iPhone 6 Batteries

If you are one of the 10 million who just got their brand new waterproof flex-iPhone 6, charged it in the microwave, got your network and WiFi connectivity back, and updated it again, there is another rumor surrounding the smartphone that is not right. Many people still believe it’s always best for the life of the iPhone 6 battery to let it drain fully before charging it again.

Not so fast. Caroline Moss at Business Insider explains that there was a time when cell-phones and most electronics ran on Nickel-Cadmium batteries. When a device uses a Nickel-Cadmium battery, you’d want to let your feature-phone fully drain before charging it again. Why? Nickel-Cadmium batteries suffer from what’s known as “memory effect.” When they are charged and discharged hundreds of times, they start to lose the ability to charge up to 100%, draining your battery life significantly over time.

In 2006, Lithium-Ion batteries replaced most NiCd batteries. Ms. Moss says these new batteries can be found in all Apple (AAPL) devices and do not suffer from “memory effect” the way NiCd batteries do. Apple says on its website:

Lithium-ion polymer batteries have a high power density, and you can recharge a lithium-ion polymer battery whenever convenient, without requiring a full charge or discharge cycle.

Apple does recommend, however, that you should let the device go through at least one charge cycle each month to help keep the electrons moving (as opposed to a NiCd battery which needs to go through a full charge cycle every few days). Letting the device drain from 100% to fully shutting off at 0% helps to maintain the life of the battery.

Robin Lim at The Android Guy wrote that the typical modern lithium-ion battery you find in a mobile device should last for 500 charge and discharge cycles depending. Five hundred cycles should be enough to get you through two years.

Five hundred cycles is more than it sounds. A battery cycle means a full charge and discharge. So if you charge your battery before it is empty, it will not count as a full cycle. Ms. Lim claims that if you usually charge the battery when it gets to 30%, it should be good for over 700 charges.

The battery does naturally degrade over time. While the battery is designed to last 500 cycles, it does not mean that the battery will maintain a 100% charge throughout the 500 cycles. It also does not mean that after 500 cycles, the battery will die. After 500 charge and discharge cycles, your battery would be at about 70% of its original battery life. Your phone will still report that it is 100% fully charged, but it will really be at about only 70%. Basically, your battery deteriorates about 30%, gradually, over the 500 charge and discharge cycles, according to the article.

Ms. Lim offers tips to maintain Li-ion batteries.


  1. Avoid letting the battery drain below 20-30%. Partial discharges are actually better for your battery. The old rule that you had to fully discharge your battery does not apply to the Lithium-Ion and Lithium-Polymer batteries used in smartphones today. Battery University tests have shown that fully discharging your battery once results in more wear and tear than charging it twice when it hits 30%.
  2. Recharge often. Given that recharging at higher levels of remaining battery life results in less wear and tear, it makes sense to recharge frequently.
  3. Partial charge is okay. Plugging in the battery for your new iPhone 6 for even half an hour will keep your remaining battery level higher at the end of the day.
  4. Calibrate once every month or two. The Android Guy says continuous partial discharges create a condition called digital memory. Your smartphone does not really measure battery life, but really just estimates the remaining charge. Partial discharges decrease the accuracy of the device’s battery gauge. So once every month, or every other month, let the battery discharge to the cut-off point and then recharge. Once fully charged, leave it plugged into the wall charging for another two hours. The power gauge will be re-calibrated.

Internet of Things Full of Holes

The Internet of Things is big and heading towards huge. The Internet of Things (IoT) is a system where unique identifiers are assigned to objects, animals, or people. These “Things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), and the Internet.

Business Insider believes that the IoT will be the biggest thing since sliced bread. They claim there are 1.9 billion IoT devices today, and 9 billion by 2018, which is roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts that there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine, that is a very scary thing.

The InfoSecurity article says HP (HPQ) found 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover security flaws. According to the new study, HP detected flaws in IoT devices like TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers, as well as their cloud and mobile app elements.

HP then tested them with manual and automated tools and assessed their security rating according to the vendor-neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raised significant concerns about user privacy and the potential for attackers to exploit the devices and their cloud and app elements. Some of the results are:

  • A total of 250 security concerns were uncovered across all tested devices, which boils down to 25 on average per device,
  • 90% of devices collected at least one piece of personal information via the device, the cloud, or its mobile application,
  • 80% of devices studied allowed weak passwords like 1234, opening the door for WiFi-sniffing hackers,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network,
  • 60% had cross-site scripting or other flaws in their web interface vulnerable to a range of issues such as the Heartbleed SSL vulnerability, persistent XSS (cross-site scripting), poor session management and weak default credentials,
  • 60% didn’t use encryption when downloading software updates.

Mike Armistead, VP & General Manager, HP Fortify, explained that IoT opens avenues for attackers.

While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.

rb-

I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or, worse, calculated it was better to ignore secure design in their rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.


10 Policies to Minimize BYOD Risk

The challenge for employers offering BYOD, according to schnaderworks, a labor and employment blog from Schnader Harrison Segal & Lewis LLP, is finding the right cost/benefit balance for their businesses. In developing an effective “bring your own device” (BYOD) policy, employers must first identify which employees will be eligible for the program, according to the blog.

Once the basic parameters are set, the lawyers stress a written policy is essential to set up ground rules and permit enforcement to protect the company’s data and other interests. They suggest the following steps are key to establishing an effective BYOD policy:

1. Establish a Mandatory Authorization Process:  The lawyers say this should be completed before an employee can use company data and systems on a personal mobile device.

2. Require Password Protection: Each authorized device should have the same password protection as an employer-issued device. According to the article, such protections include limiting the number of password entry attempts, setting the device to time out after a period of inactivity, and requiring new passwords at regular intervals.

3. Clarify Data Ownership: A BYOD policy should specifically address who owns the data stored on the authorized device. It should be clear that company data belongs to the employer and that all company data will be remotely wiped from the device if the employee violates the BYOD policy, terminates employment, or switches to a new device. The policy should also alert employees that it is their responsibility to back up any personal data stored on the authorized device, the article states.

4. Control the Use of Risky Applications and Third Party Storage: Schnader Harrison Segal & Lewis recommends employers may want to ban the use of applications that present known data security risks, such as the use of “jailbroken” or “rooted” devices and cloud storage.

5. Limit Employee Privacy Expectations: The BYOD policy should clearly disclose the extent to which the employer will have access to an employee’s personal data stored on an authorized device and state whether such personal data is stored on the company’s backup systems. The article recommends minimizing the co-mingling of company and personal data. Employers may want to install software that permits the “segmenting” of authorized devices. However, no matter what measures the company takes to preserve employee privacy, the policy must emphasize that the company does not guarantee employee privacy if an employee opts in to the BYOD program.

6. Address Any Business-Specific Privacy Issues: Certain businesses are subject to legal requirements about the storage of private personal information (such as social security numbers, drivers’ license numbers, and credit and debit card numbers, etc.) which may need to be addressed in a BYOD policy. The blog points out that HIPAA requires native encryption on any device that holds data subject to the act. An employer may need to put in place processes prohibiting or limiting remote access for certain categories of sensitive data.

7. Consider Wage and Hour Issues:  Permitting employees to use an authorized device for work purposes outside of the employee’s regular work hours may trigger wage and hour claims. The lawyers suggest the BYOD policy should set forth the employer’s expectations about after-hours use  (such as a requirement that non-exempt employees must refrain from checking or responding to work emails, voice mail, and texts after hours) (rb- Yeah).

8. Ensure Compliance with Company Confidentiality Policies: The author says a BYOD policy should reiterate that an employee using an authorized device must comply with all company policies on confidentiality and the “acceptable use” of company information.

9. Spell Out Procedures In Case of Loss or Theft:  The employer should set up a specific protocol to be followed in the event an authorized device is lost or stolen. The blog says the process should include the prompt reporting of a lost or stolen device and the remote wiping of the device.

10. Document Employee Consent: Finally, the law firm, in good lawyer form, suggests the employer should get an employee’s written consent to all terms and conditions of the BYOD policy.
