On March 1, news broke that the Google Android Market had posted applications with malware that could gain root access or control over infected devices. Later it confirmed that 58 applications contained the malware that 260,000 devices downloaded. The free applications include items that sound like they have business or features to enhance productivity like “Advanced File Manager”, and games like “Magic Hypnotic Spiral.”
Google believes that there was no exposure of users’ personal data or account information, but the phones’ 15-digit International Mobile Equipment Identity (IMEI number), may have been compromised. It is using a “remote kill” function to remove the malicious applications from affected Android devices, and providing automated security updates to infected devices to remove the rootkit. Affected users will also receive e-mails, notifying them of this information. Ironically, the most recent versions of the Android operating system stop the malware, but most Android devices run older versions of the operating system. Google must rely on carriers and hardware manufacturers to deploy the operating system upgrade which will patch the security hole.
This incident highlights an important milestone. The volume of smartphones is reaching a tipping point that makes them attractive to hackers and target for attacks. In addition to work disruptions and security, managers need to consider the impact that malware can have on wireless expenses. Often hackers will use malware to spread the infection by taking control of the device and send messages to other users in the infected devices’ address book. In other cases, the malware may send text messages to buy new services, dial into phone numbers that expose the user to high charges, or download material from sites that charge fees to the user’s mobile account.
As organizations allow employees more choices in the smartphones and tablets that they can use at work, managers need new tools to monitor spending. Wireless Expense Management (WEM) reports provide dashboard reporting that highlight spikes and variances in charges. WEM programs can also distribute usage reports directly to employees and their managers to help augment security and policies designed to limit malware. As mobile technology moves from a closed walled environment to an open environment, organizations need to add controls to prevent runaway expenses from malware.
