Securing mobile devices: The problems

John Yun, director of product marketing at Blue Coat says users and enterprises must be aware of m. browser sites

Tags: Blue Coat Systems Incorporated
  • E-Mail
Securing mobile devices: The problems John Yun from Blue Coat says that it is more difficult to see a malicious URL on a mobile device.
By  Georgina Enzer Published  December 6, 2012

John Yun, director of product marketing at Blue Coat says users and enterprises must be aware of m. browser sites.

Many people believe that iOS mobile devices are secure due to a highly regulated app store, but what they don’t realise, according to John Yun, director of product marketing at Blue Coat, is that the iOS mobile device can become a virus carrier and inject malicious code and viruses into the corporate network.

If a BYOD device acts as a door into the enterprise network, it could become a very costly problem. Mobile devices can be compromised by phishing scams or malicious URL code, just like a PC. Users can click on a link and it does not matter if the mobile device is running iOS or Android, malware can be downloaded to the device. This malware may not infect the device itself, but when it is synchronised with the network; employees can infect the back end of the entire network.

The other problem with browsing on a mobile device is the lack of visibility of the URL address bar.

“If you look at the web browser on a phone, it does not give you all the details, if you go to a PC and put your mouse over the URL, it will tell you where it is going. In a phone there is not enough room so you are not aware of whether it looks like a legitimate site or not and hackers will try and leverage that,” says Yun. “On a PC you can see it and see where it is going and if you are IT educated you know you have seen that address before, but on a mobile device it is very difficult.”

According to Yun, mobile users must be far more aware of the fact that any malware that can infect a web browser will certainly infect a mobile device and do the same thing for the rest of your network.

“You can be a carrier just like any other viruses so that when the Mac system says the virus does not affect it and downloads it, but as soon as it connects to the rest of the network it can infect whatever is susceptible to it,” states Yun.

The mobile browser

Mobile devices also have a unique problem. There is the normal web browser that can be accessed from a computer, however, when accessing the internet from a mobile device, the phone is redirected to an m. website.

“For example if you go to google.com in a mobile browser it does not go to google.com it goes to m.google.com, so from a user perspective it looks the same, but on the back end it is different servers. If you write a security policy against google.com, it does not cover the m.google.com and we call that the mobile app gap,” explains Yun.

Users do not realise that when they use their mobile browser it goes to a different server and if the m.google.com website has been compromised, for example, according to Yun a lot of security solutions today do not cover the mobile browser scenario.

“Any mobile security solution you look at today has to cover the standard web browser, the app and the mobile browser. It goes beyond just do you have a virus for PC that could be rewritten for iOS, yes, but it could also be written for the mobile browser,” says Yun.

Blue Coat is launching a mobile device security software suite with support for iOS 5 and 6 devices which can be used as an enterprise solution and deployed on employees own device.

“All the Blue Coat solutions are powered by WebPulse, a cloud analysis system. When a user clicks on a URL, it first checks the database to see if the site is valid. If it is ok it will allow you to go to that destination. The same thing happens on a mobile device, if I send you an email with a link and you click on that link, the WebPulse on the back end will fully check the URL and if it is bad it won’t let you access that site,” says Yun.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code