The Defense Department is searching for advanced encryption technologies and other data-protection systems to protect the growing number of smartphones and tablet computers that are being used by U.S. government and military personnel around the world.
As more of the government’s business is conducted over digital devices, the cybersecurity battle on the mobile front will become much tougher, experts said.
“Wireless attacks will explode this year,” said Tom Kellermann, chief technology officer at AirPatrol Corp., a Columbia, Md.-based firm that specializes in information technology and wireless security systems.
During a panel discussion at the Association for Enterprise Information conference in Alexandria, Va., he pointed to a recent data breach study conducted by Verizon and funded in conjunction with the United States Secret Service. It found that the attack pathway of choice is now via remote access accounts, including those in mobile devices.
Mobile operating systems and info-tech gadgets are headlining the themes at a number of hacker conferences this year, he added. “We know once a blueprint of that attack is created at these conferences, people can retrofit their weapons around that capability,” he said.
Cyber criminals also are figuring out ways to infiltrate smartphones and handheld computers, and using them as “beachheads” from which to attack another target, he said. Microsoft Corp. and its Windows platform have long been the targets of hackers. But the recent growth in successful attacks on other platforms, ranging from Sony’s PlayStation to Google’s Android to Apple’s iPhone, is signaling a shift, said Pat Arnold, general manager for cybersecurity practice in the company’s Americas services division.
There is a heated debate about whether smartphones are more vulnerable to cyber attacks than desktop systems. But the consensus is that the enticements for cybercriminals have grown. “It’s a juicy ecosystem to go after,” Arnold said.
Hackers are becoming more creative in their tactics. He told the conference that at one of the hacker conventions in Europe, an attendee set up an antenna array that functioned like a cell tower. He was able to put malware code down to take over mobile devices. At Microsoft, engineers erected a similar system and demonstrated how easily they could hijack 150 phones in the building.
More than 600 known variants of attacks exist for mobile devices specifically, said Kellermann. The major virus scanners that have moved into this space all fall short, he said. “They cannot clean your phone. They can merely tell you that you’re polluted today,” said Kellermann. Moreover, to counter attacks, the companies have to see instances of it several hundred times before they release a signature or vaccine for the problem. By then, it is too late.
Military users of smartphones understand the risk of cyber attacks, and are receptive to tighter security controls in order to receive critical information while on the move, said Alex Carter, an Army reservist who is an account executive at Daon, a biometric identity management company. “They are more willing to give up certain things to be able to access what they need on the battlefield,” he told the conference. Identity trust is the missing factor in cybersecurity, he said. The only way to have that is through biometrics. Troops could submit data, such as fingerprints or facial scans, or simply speak to verify their identities before being permitted to access defense networks via mobile devices, he said. “Operators on the ground are pushing for this,” he said. “The peace offering is biometrics.”