Tech Report: Fmr White House security guru worries about US smartphones



Posted on February 25, 2010 at 1:21 PM

For the want of a smartphone app, a kingdom was nearly lost - the kingdom, in this case, being the United States.

That was the basic premise behind the big cybersecurity exercise staged last week in Washington D.C. It was called "CyberShockwave," and it was a war game depicting a combination of web-based assaults and physical attacks on the U.S. information infrastructure. The scenario began with a lot of Americans downloading a fictional popular smartphone application tied to NCAA "March Madness." The app was actually a malware-delivery mechanism that was designed to bring down cellular networks, financial institutions and ultimately the Internet itself.

Joe Hagin, chairman of SMobile Systems Inc. and head of Command Group Consulting, was in D.C. for the exercise, and for good reason. Before he joined the private sector, he spent 2001-2008 in President George W. Bush's administration as deputy chief of staff for operations. That meant he was responsible for making sure all the people using cell phones and personal digital assistants (PDAs) in the Bush White House were doing so in a secure manner.

"The intelligence agencies had been pretty firm prior to Sept. 11 - no BlackBerrys or PDA's in the White House for security reasons," Hagin told me in a phone interview. "We decided the need to communicate superseded the need for using devices that were deemed to be vulnerable. So we made the decision to deploy BlackBerrys - first 50 in the first go-round, then around 200. Pretty soon PDAs were pushed out all through the executive branch."

With that communications convenience came security challenges, especially on most overseas trips. The White House staffers would have to disable their blackberries - pull the batteries out and leave them on the plane to avoid signal interception or malware installation.

"We started looking desperately for solutions to all that, and I assume it's an ongoing problem today. I think they (the Obama administration) are running into the same frustrations that we had run into with the previous administration. The president does have a BlackBerry," Hagin said, "and they've kept it very quiet as to what technology it has on it. We're assuming they're testing it frequently and beyond that we really don't know. If I were still in the White House, I wouldn't want anybody to know what technology we were using on the President's device. There are lots of people trying to figure out how to hack it."

That's why Hagin believes the federal government has been more pro-active with smartphone security than the private sector, which is not usually the case. In most security cases, corporations are the ones leading the way, but Hagin thinks the rise of mobile banking in North America - Asia now leads the way in this category - as well as more smartphones being pushed out in the business world will necessitate more security solutions.

"If you're a smart CTO (chief technology officer) or CIO (chief information officer) of a big company, you would never dream of today of having a PC or laptop naked out there without some serious protection around it," Hagin said. "And yet there are a lot of people, a majority of people who are walking around with very sophisticated mobile devices and nobody ever thinks about hanging any anti-virus or anti-malware protection on it." 

Hackers using malware that's not hard to find online can remotely take over smartphones and turn on microphones and cameras; they can track keystrokes, intercept SMS (short message service) and texts, and can rake in the cash by using premium SMS services while sticking you with the bill.

Hagin says consumers can start getting smarter about smartphones by asking about anti-virus and anti-spam protection when they go into a retail store or carrier outlet shopping for a new handset. A public relations representative for Bellevue-based T-Mobile told me that the carrier has put filters into its network to help block and detect mobile spam, and those filters are updated regularly. They also steer users to their Customer Care service for help in blocking text spam - which can contain malware - from certain email addresses. And Flexpay/Postpaid customers have more blocking options available.

Hagin's company, SMobile Systems, has a partnership with British Telecom that results in smartphones being sold with antivirus software embedded in them. "BT is also using it as a way to protect their systems." And consumers are finding more reasons to get pro-active, such as protecting their children. "Sexting has become such a big issue and a dangerous issue."

Hagin says you can expect to see more third-party companies popping up offering independent protection for smartphones. "We've noticed a huge increase in interest in just the last yearm, and I think CyberShockwave opened a lot of people's eyes, probably more so on the enterprise side."

Let's hope all the parties involved  can make everybody's device as secure as the President's smartphone.

Also in KING5's Tech Report...

A company in Woodinville wants to turn your iPhone into a universal remote, Zillow tweaks its iPhone app and Nintendo plays the e-reader game. Please click on the video segment above for more on all these stories, and be sure to join us every Thursday from 7-8 a.m. on the KING5 Morning News for the latest on local technology industry coverage.