No 100 Percent Guarantees But Mobile Communications Can Be Safe: IBM Security Chief

The reason -- like traditional private networks on computers, mobile networks can be securely managed, said Caleb Barlow, IBM director for application, data and mobile security. But their administrators need to take all the steps they take now to protect their existing terrestrial systems and then think of dangers.

“There are 7 billion people in the world now and 5 billion cell phones,” he said, “and in a year or two, all will be smartphones. That’s 5 or 6 billion smartphones that can be hacked, which means that’s three times the current threat landscape.”

Thousands of popular apps consumers download from Google Inc. (NASDAQ:GOOG) and Apple Inc. (NASDAQ:AAPL) are loaded with malicious software, or malware, including popular games like “Angry Birds” from Rovio Entertainment, the IBM security expert added. As well, hackers can use the cameras on a smartphone “to inject code” so that it can monitor what consumers are looking at or what barcodes they photograph.

For IBM, in Armonk, N.Y., the problem got bigger Thursday, when the computer giant announced a global program called “MobileFirst” to add mobile services to its already huge terrestrial communications business. It also broadened that to include cloud services with its partner AT&T (NYSE:T), with which it signed a major partnership deal last October.

Barlow said clients can be confident their communications will be safe to the fullest extent possible. But they’ll have to take steps to ensure security at all times. One big headache will be personal devices like iPads, he said, which executives want to use to tap into their company networks, as well as use at home.

New security software can secure the corporate data, Barlow said, as well as create a virtual private network on an employee smart phone. For example, an IBM employee might use the phone for work but personal data and traffic will be excluded, he said.

That private data could disclose information to a company about an employee’s romantic life or religion, he said, and potentially be sought by lawyers in a divorce case, for example.

The information officers of mobile clients will need to implement security policies, Barlow said, to prevent unsecure downloads of apps and unauthorized links to company networks. Security software for mobile networks is available now from IBM, as well as from other providers including Citrix Systems Inc. (NASDAQ:CTXS) and LANDesk Software, that can handle the problem.

Nevertheless, Barlow said new threats, notably including the hacking of Apple’s OS X server, which had previously been relatively secure, as well as the documentation of attacks on U.S. sites by China’s People’s Liberation Army, mean security experts will have to remain vigilant, keep devising new solutions and guard against the weak links, careless or negligent individuals.

A major credit card site was hacked last year after cyber attackers hit New York city taxis that have meters that accept credit cards, Barlow said. After enough hacking, they obtained source code to get user IDs, then were able to break into the credit card site itself and steal private information.

Similarly, cyberattackers seeking to infiltrate a nuclear plant are unlikely to target engineering employees, he added. “They go after the food service,” then infiltrate into higher levels.

IBM, he said plans to double its investment in mobile communications, including security, this year, and keep working with counterparts in the relatively small computer security community. “It’s not just about one product, it’s more about the cadence,” Barlow added.

Shares of IBM rose $1.66 to $199.99 in Friday afternoon trading. They’ve gained about 4.5 percent since Jan. 2.