The iPad will soon have lots of company.
At least 80 tablets or tablet ideas were presented at the Consumer Electronics Show in Las Vegas in January. Companies including Motorola, Sharp, ASUS, Vizio, RIM, iStation and Dell each introduced its own.
Yet how consumers and businesses will use tablets is still in the discovery phase. Will they be used as smartphones ? As laptops? For as-yet undiscovered purposes?
One thing is certain: No matter the brand or the platform, tablets bring a whole new round of security risks to the table.
The primary security threats fall into two categories: loss (including from theft), and third-party apps.
“The form factor of these devices makes them easy to lose and misplace,” explained Nicholas Arvanitis, principal security consultant at South African IT infrastructure giant Dimension Data. “They're also attractive targets for theft -- consider that most consumers control a lot of their lives from these devices and often store credentials (usernames and passwords) for many services on them.”
“Unfortunately, theft or loss of these devices is inevitable,” he added. “The most prudent approach is to configure the device and maintain it with the assumption that at some stage it will be lost or stolen.”
Fortunately, there are several measures one can take to mitigate the impact of a lost or stolen tablet:
— Activate the password lock for accessing the device.
— If the information on the tablet is extremely sensitive, consider activating mandatory “wiping,” or deletion of all data, after a certain number of failed login attempts.
— Likewise, activate remote wipe capability.
— Back up the tablet’s content regularly to a PC or the “cloud.”
— Encrypt data where feasible.
— Don’t use the tablet to store login or password information for other devices or systems.
Apps, of course, are a primary reason consumers are turning to tablets and smartphones, and their low cost and ease of installation and use distinguish them from standard computer applications.
But third-party apps are also the most significant security risk, said Arvanitis.
“Users don't always understand the full implications of randomly installing apps on mobile devices,” he explained. “When an app is downloaded, one is essentially allowing someone else's code to run on their device, with whatever permissions it needs to execute. This has been a long-standing security issue -- running untrusted code on a trusted device is a recipe for disaster.”
Unfortunately, there is no real way for the average user to ensure that an app is safe to download.
The most effective ways to assess whether an app has malware hidden in it are highly technical: either a code review of the application's source code, or a form of static binary analysis to determine the app's behavior while it’s running.
The rapid increase in untested operating system platforms presents an especially big challenge for security specialists trying to secure tablets.
“The operating systems and these devices have recently exploded into popularity,” explained Arvanitis. “Platforms such as iOS and Android have only recently started to garner interest from the security-research community and the attacker base. This results in a clouded perception of the actual level of vulnerability of these devices.”
However, the most basic issue is how security concerns are addressed overall.
Security for smartphones has been very slow to evolve. Phone manufacturers, wireless carriers, OS developers, app developers and retailers tend to try to pass the security buck to someone else – often the end user.
Yet consumers who want to add security measures, such as an antivirus app, don’t have many options to choose among, and most aren’t savvy enough to know which developers are most reputable.
“Mobile-device security should absolutely not be the responsibility of the end user,” said Arvanitis. “Over the years, a myriad of diverse security incidents have proven that the end user is the weakest link in the proverbial security chain.”
But until security becomes a top priority of a tablet supplier or becomes easily available through a wireless carrier, Arvanitis said the key step to increased security of tablets and smartphones (security for these devices is intrinsically linked) is for all parties to become more aware of security needs.
- iPad Security Breach Exposes Thousands of Owners' Email Addresses
- 7 Novel Uses for the iPad
- 7 Online Scams Any Idiot Can Avoid