BYOD (Bring your own Device) is one of the latest tech fads. Bring in that tablet or smart phone from home and we will hook it right up to our corporate network for you! What a great thing, and the IT staff just loves it too!
But there are some serious concerns about mobile devices. For example in March of this year, Sen. Charles Schumer talked with both Apple and Google over privacy concerns. It seems that some mobile apps were grabbing private photos and contact information and downloading them to servers or other sites – without the user’s permission…
“It sends shivers up the spine to think that one’s personal photos, address book, and who knows what else can be obtained and even posted online without consent,” Senator Schumer wrote in a letter to the FTC.
Listing the permissions that an App wants during install is helpful. For example, on an Android device you are shown what the app wants access to – network access, phone access – but does everyone take the time to read them before they install the latest “gotta have” app? And even though apps are checked before being placed on Apple’s Marketplace, one common tactic that malicious programmers have used is to download malware with app updates.
And it is not just private data concerns that have been raising alarms. What about the video and recording features of smart devices or even the upcoming “Google Glasses”? Sure these are great in emergency situations, but what about at private meetings, secured facilities or around classified information?
An article in June from NY Times mentions some of the techniques that could be used to block smart phone recording features. SpyFinder camera detectors, Google algorithms for un-tagging people in photos, personal infrared and white noise generators are all mentioned.
Smart devices are excellent to use and a great convenience. But do you want them sharing your private contact information or personal photos? Do you really want recording devices and a possible additional malware platform inside your facility?
These are some of the security and privacy concerns that must be considered for both the individual user and the corporate environment.
Cross-posted from Cyber Arms