ERE Information Security Auditors

What about Smartphone Security Threats?

In an article today entitled "Researchers Warn Of SmartPhone Security Threats", conveniently located in the RSS feed on our web site www.ere-security.ca (no self serving here), the researchers in question discuss the vulnerability of smartphone operating systems to rootkits.

From the article, it appears that some people may / would be surprised by rootkits turning up in smart devices.  Why would anybody be surprised?

Please don’t get me started about rootkits. For those of you not too familiar with these insidious creations by devious minds, rootkits are nasty programs that are designed to do whatever the author intends, including but not limited to providing admin privileges to the author, stealing information, damaging the host system, and migrating to other neighboring devices on a network.

They are proficient at hiding themselves by using very sophisticated techniques involving system registries, and in turn may hide other malware from anti-virus technology. A very clear summary of the hows / whys / wheres of rootkits may be found at: http://en.wikipedia.org/wiki/Rootkit

I’d like to hear from those of you who:

  1. Found rootkits on your own or your clients’ devices.
  2. Were asked by the clients not to bother identifying the vector used by the rootkit to insert itself.
  3. Can say how you found them: by forensic audit processes, for instance?
  4. Found any software that is supposed to be resident on workstations or servers and identifies rootkits.
    1. Any rootkit software I’ve tested finds .dll files which appear as unidentified.
    2. I know there are lots of claims about tools that find / remove rootkits.  My question is: has anyone found / built one that conclusively works, without creating too many false positives?

We all know the usual ways to guard against malware.  The questions are:

  1. Why would anybody be surprised when rootkits invade the domain of intelligent portable devices?
  2. Why do some users of said devices treat security with complete abandon, like the “wild west”?

Have a secure week.

Regards, Ron Lepofsky, B.A. SC. (Mech Eng), CISSP

ERE Information Security and Privacy Compliance Auditors

www.ere-security.ca

Copyrights © 2007-2008. All rights reserved.