The carrier problem overseas is very alarming. Software and firmware solutions are ineffective...
Washington, DC (PRWEB) June 12, 2013
IntegriCell Group, Inc., a recognized global leader in mobile security products and consulting services, today announced that CEO Aaron Turner has been featured in CSOonline.com’s May 2013 Q&A article titled “Security managers still don’t get mobile security.” In April Turner was a featured speaker at CSO40 Security Confab + Awards in Braselton, Georgia, and afterwards, CSO executive editor Joan Goodchild interviewed him for a deeper dive into the magnitude of today’s advanced persistent threat (APT) mobile device security problem. Goodchild and Turner had a lengthy discussion about new ways attackers are using mobile devices for APTs.
Highlights from the interview:
- Senior information security (infosec) managers aren’t always early adopters of APT-fighting technology and often don’t understand the inherent problem until it’s too late.
- Not all carriers are “friendly.” This is especially true traveling overseas where privacy “rule of law” is nonexistent. Carrier threat is the worst kind because carriers bypass security at the software and firmware level of mobile devices; the phone is always open. When the phone reconnects to enterprise IT systems, a wider breach occurs.
- Becoming a “carrier” is getting easier and the number of rogue towers that are seemingly safe, are growing daily.
- Malicious application developers are realizing how lucrative cyber-crime is and the monetary reward is significant. Even the friendly coffee shop owner overseas realizes s/he can make more money from your data than off your cup of espresso.
“I was very happy to join Joan and the event organizers at CSO40 to help spread the word on how serious APT is, and how dangerous apathy can be for senior infosec managers,” Turner said. “The carrier problem overseas is very alarming. Software and firmware solutions are ineffective for a rogue carrier that wants to attack a mobile device or tablet.”
When asked by Goodchild if security managers are “really getting it,” Turner offered this assessment of the market’s readiness to fight APTs against mobile computing devices:
- Most “security aware” organizations are taking the threat seriously and have insight to where the malicious carriers are. Organizations that have been exposed to hostile carriers in different countries destroy their devices before they are re-connected to their enterprise IT systems.
- Being “security aware” is the key to fighting APTs that target mobile devices; however the number of security-aware organizations is very small. The majority of vulnerable enterprises are reactive to APTs and only able to take action after breach.
- Because of the gap in knowledge on mobile device APTs, security managers are unable create comprehensive threat models that are needed to better understand how to combat these types of intrusions.
- The international threat is alarming and oftentimes originates from the government of the country traveled to. In October of 2011 the Office of the National Counterintelligence Executive addressed this issue in a report to congress titled “Foreign Spies Stealing US Economic Secrets in Cyberspace.”
- Several companies, including IntegriCell, CSOonline.com and CSO magazine are beginning to socialize the risks of overseas rogue cell towers and malicious international government threats.
IntegriCell has developed a hardware device that can prevent attacks from rogue cell tower- and government-related APTs. The device, named KeyLime, creates an encrypted hardware security token that is not part of the mobile device’s OS or firmware. KeyLime’s security token can prevent rogue carrier intrusion because of the hardware barrier between carrier, Wi-Fi network or other wireless access point. The interface for KeyLime is universal as it utilizes the audio jack from the device it protects, removing the problem of different connectors for Samsung and iPhones, the two devices that control nearly 95 percent of the U.S. smartphone market.
“We need to get the word out to infosec managers how vulnerable they are when their people travel outside the U.S.,” added Turner. “I applaud organizations like CSO Magazine (CSOonline.com), which helps spread the word through their conferences and publications. The war we need to publicize…the war that U.S. mobile carriers don’t talk too much about is being waged today in cyberspace.”
To read the CSOonline.com article, please click here; the article will also publish in the July/August 2013 printed issue of CSO magazine. For more information on the Office of the National Counterintelligence Executive, please click here.
IntegriCell delivers mobile security solutions and consulting services that provide insight to advanced persistent threats (APTs) that impact enterprise organizations, government agencies and end-user consumers. IntegriCell’s featured mobile security products are KeyLime, a universal hardware device for mobile security, and SyncDog, a software solution that correlates phone message logs to reveal patterns of user behavior indicative of cyber threat. The roots of IntegriCell date back to the early days of information security at Microsoft where IntegriCell founder Aaron Turner served as security strategist. Turner eventually landed in research and development at the U.S. Department of Energy’s Idaho National Laboratory, where significant research into cross-domain cyber security vulnerabilities has been conducted for more than a decade.
Originally a services company, IntegriCell’s professional services offerings are designed to be accelerated knowledge-transfer engagements targeting enterprise risk managers, network operators, infrastructure managers, government entities and law enforcement. For more information on IntegriCell, please visit http://integricell.com.
About CSOonline.com and CSO magazine
CSO provides news, analysis and research on a broad range of security and risk management topics. Areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more.
CSO magazine and CSOonline.com are published by CXO Media Inc., which is an IDG (International Data Group) company. For more information on CSO magazine, please visit http://csoonline.com.