The next major security gaps in the military's computer networks are likely to be found in the smartphones on which soldiers, sailors and airmen increasingly rely in theater.
The Army may equip every soldier with a smartphone and it has experimented for more than a year with phones and how they might be used at the brigade and below level. The service is seeking NSA certification for iPhones and looking at other ways for them and Android phones to be made secure. But a security briefing today by top research experts at Symantec made clear that both for the military and the general public, security may become a major preoccupation of cell phone users.
Smartphones "are a really rich target," Joe Pasqua, VP for research at Symantec, said in a briefing for reporters today. For example, Android phone applications receive no security screening before they are released, and iPhone apps receive a cursory scrub. Those apps could be loaded with malware "that can take down a cell tower," he said. Currently, Android phone face four known malware threats, he said.
In addition to the possible threat from apps, cell phones can be formed into botnets, remotely controlled computer devices turned into a malicious network that hackers have used to great effect in attacking computer networks. Pasqua was careful to note that no one has yet created a botnet with cell phones, but he says it can be done.
The military has ways to make phones more secure, including encryption. Turning off the voice portion of the phone and only allowing it to use the data network would help, Pasqua said. That way all data transmissions can be encrypted, including voice communications using Voice over Internet Protocol (VoIP). Also, locking the phone and only allowing the use of approved apps would help, the Symantec security expert said. The same thing is often done with company-issued laptops.
The military has struggled for the last few years to plug the many online and physical holes in its networks. Buzz readers will remember the now famous episode of the thumb drives strewn in the Pentagon parking lot which, when attached to a computer, introduced pernicious software that appeared to be a cross between a worm and a virus.