Archive for Networking

Android Security

Fueling the spread of Android threats has been fast-paced growth in the platform’s smartphone market share. The latest research, reported in late August by Port Washington, NY based NPD Group, pegs Android at 52 percent of the smartphone market in Q2. iPhone (iOS) share hit 29 percent. BlackBerry fell to 11 percent. Windows Mobile and webOS logged shares below five percent.
That muscular Android growth has attracted cyber criminals. But so far the damages inflicted have honestly been few. “Android threats have mainly been nuisances but the threats have become more numerous,” elaborated John Engels, an executive in Symantec’s Mobility Group.
That is a bottom line: chatter about Android vulnerability has reached loud volumes but, for the most part, the threats that have been found are more bothersome than devastating. But step one in securing any Android has to be knowing the enemies and Lookout research has identified the prime Android threats.
Leading the criminal parade is what Mahaffey delicately calls “repackaging,” a threat that takes advantage of Android’s open apps distribution policies where basically any site can set itself up as a distribution hub. This has created a thriving malware industry where criminals are taking popular, typically paid Android apps, then inserting malware, and, finally, making the app free (since it is stolen this involves no costs).
“We are seeing much more of this lately,” said Mahaffey who added that Lookout researchers have found cases where criminals have created storefronts that look indistinguishable from the official Android Market. “This can get very tricky,” he said and the clear meaning is that even experienced users need to stay alert to deviant apps distribution centers and prices that simply are too good to be true.
The second big threat to Android users, said Mahaffey, is a fast spread of malware apps (often disguised as something harmless like a media player) that send SMS to premium priced numbers that quickly can rack up sizable charges. These are clever apps, said Mahaffey, because “often they hide the SMS they send from the user.”
Still in its infancy, but with enough cases to show up on Lookout’s radar, is a mobile botnet network built by malware that creates communications channels into infected phones. Exactly what the end game is remains uncertain, but what is certain is that this will probably cost users and their companies money.
“We are seeing a lot more experimentation in malware revenue models,” said Mahaffey.
A fourth threat, according to Lookout, is a rapid rise in phishing attacks, although these are cross-platform and not restricted to Android. Early signs are that many users are less cautious and quicker to respond to phishing emails via their phones than they would be were they sitting at a computer.
Bad as all this sounds, Mahaffey actually says there’s good news here, too because “People are starting to realize they need to take precautions when they use an Android phone.”
One precaution: People have to understand that apps should be downloaded only from an approved short-list of sites, suggested Engels. On that list will be Android Market, possibly Amazon’s Appstore, an enterprise’s own Android downloads page if it has one and not much more.
The second precaution: Insist that users install and keep updated an antivirus app, suggested Mahaffey (whose company of course is a leader in that niche, but there are many other players getting into that space). Android, unlike Apple’s iOS, allows antivirus apps to run on the phones, so it is wise policy to require their use.
“Android users, when they hear about the many threats, are looking for ways to protect themselves. The tools exist. It’s just a matter of educating users about their choices.”

Deploy 802.1X on Mobile Devices

iPhone Configuration Utility (iPCU) for iOS devices

Apple offers the free iPhone Configuration Utility (iPCU) that runs on Windows and Mac OS X to help configure and manage a variety of network settings for iOS products: the iPhone, iPod Touch, and iPad. It is also how you set up 802.1X in Mac OS X 10.7 Lion, since Apple has removed the settings from the OS.
In addition to wireless settings, iPCU can distribute security policies, VPN configuration, MS Exchange and email settings, and digital certificates.
Once you define the settings in iPCU, it generates an XML configuration profile; you can create profiles for specific users or groups, or a single profile for all users. You can then distribute the profile to users by email or a website. There are a few security options that help prevent the settings from being altered, or that encrypt the profile to protect the settings and tie it to a specific iOS device. You can also connect devices to the computer running iPCU and install the configuration profiles directly. When a user opens or downloads the configuration profile, they are prompted to start the painless automated configuration.
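The following is an added example, not code from the original article or from Apple: a Python check that reads an unsigned, unencrypted .mobileconfig before it is distributed and flags 802.1X Wi-Fi payloads that skip server certificate validation, accept LEAP, or embed a password. The payload keys are those of Apple's Wi-Fi configuration profile payload; the SSID, server name, UUID and password are constructed placeholders.

```python
import plistlib

LEAP = 17  # EAP method number for LEAP in AcceptEAPTypes


def audit_wifi_profile(data: bytes) -> list[str]:
    """Return findings for each 802.1X Wi-Fi payload in a .mobileconfig."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = payload.get("SSID_STR", "<no SSID>")
        eap = payload.get("EAPClientConfiguration")
        if eap is None:
            findings.append(f"{ssid}: no 802.1X (EAP) settings in payload")
            continue
        # Without a pinned CA and expected names, any server can pose as RADIUS.
        if not eap.get("PayloadCertificateAnchorUUID"):
            findings.append(f"{ssid}: no CA certificate anchored for the server")
        if not eap.get("TLSTrustedServerNames"):
            findings.append(f"{ssid}: no trusted server names listed")
        if eap.get("TLSAllowTrustExceptions") is True:
            findings.append(f"{ssid}: user may accept an untrusted certificate")
        if LEAP in eap.get("AcceptEAPTypes", []):
            findings.append(f"{ssid}: LEAP accepted (offline password guessing)")
        if "UserPassword" in eap:
            findings.append(f"{ssid}: password stored in a readable profile")
    return findings


def make_profile(eap: dict) -> bytes:
    """Build a constructed sample profile holding one Wi-Fi payload."""
    wifi = {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "CorpNet",
            "EncryptionType": "WPA", "EAPClientConfiguration": eap}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [wifi]})


# Constructed samples: 25 = PEAP, 17 = LEAP; the UUID and names are placeholders.
WEAK = make_profile({"AcceptEAPTypes": [25, 17], "UserPassword": "sample",
                     "TLSAllowTrustExceptions": True})
HARDENED = make_profile({
    "AcceptEAPTypes": [25],
    "PayloadCertificateAnchorUUID": ["00000000-0000-0000-0000-000000000001"],
    "TLSTrustedServerNames": ["radius.example.com"],
    "TLSAllowTrustExceptions": False,
})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_wifi_profile(blob) or "no findings")
```

Signed or encrypted profiles are wrapped in a CMS envelope and must be unwrapped before this check can parse them.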

XpressConnect for Android, iOS & more

To support 802.1X for both iOS and Android, you might consider the XpressConnect solution from Cloudpath Networks. In addition to mobile devices, it has full support for distributing wired and wireless configurations to Windows, Mac OS X, and Ubuntu machines. It supports the main EAP types: PEAP, TTLS, and EAP-TLS.
You define the network settings on the hosted web-based Cloudpath administrative console. In the end, you’ll get a Web interface you can upload to your Web server. This Web interface can serve as the single point to start the configuration process on all the supported devices: Android, iOS, and computers.
Users can visit the website and it will begin the configuration process for their particular device or OS. For Android devices, users will be prompted with a link to install the XpressConnect Android app, which is required for it to configure the settings. For iOS devices, it downloads a .mobileconfig file that configures the device automatically, just as with Apple’s iPCU.
For PCs, it creates a wizard that you can also download and distribute via other mediums to users. Additionally, it can create MSI installers and supports group policy deployments for managed devices. End users then simply run the wizard, which automatically configures the network and connects.

BlackBerry Enterprise Server for BlackBerry devices

If your organization uses the BlackBerry Enterprise Server or the free BlackBerry Enterprise Server Express, you can use it to distribute Wi-Fi profiles, VPN profiles, and IT policy rules to the BlackBerry devices you manage.
If you don’t have a BlackBerry Server yet, consider installing it on a Windows Server, Windows Small Business Server, or an IBM Lotus Domino server. It also gives employees access to their Exchange or Lotus Domino services from their BlackBerry phones via the cell and Wi-Fi networks. They can wirelessly access and synchronize their email, calendar, contacts, and remotely download, view and edit files stored on your network. Plus, you can distribute BlackBerry Java Applications to the users.
The BlackBerry Server supports distributing Wi-Fi profiles for all the main 802.1X/EAP types: PEAP, EAP-TLS, EAP-TTLS, LEAP, EAP-FAST, and EAP-SIM. Then you can also push any required server or client certificates to the BlackBerry devices over the cell network if you’re using the Enterprise Server. If using the free Express version, you’re limited to using the BlackBerry Desktop Manager installed on the user’s PC to install certificates.
When creating Wi-Fi profiles you can also set additional 802.1X options: Link Security, Hard Token Required, Server Subject, Server SAN, and Disable Server Certificate Validation. Once created, you can push the Wi-Fi profile to the BlackBerry devices by resending the IT policy.
When using the Enterprise Server you can enable the certificate enrollment process of devices through another security policy. Then you can automatically enroll certificates onto the devices from the following certification authorities (CA): RSA, Microsoft standalone, and Microsoft enterprise. When using the Express version of the Enterprise Server, you’d have to inform users on how to use the certificate synchronization tool of the BlackBerry Desktop Manager software installed on their PC or do this for them.

Wi-Fi Security on Mobile Phones and Devices

Mobile Wi-Fi security threats

Most Wi-Fi hotspots aren’t encrypted, thus anyone within range can eavesdrop on the data you send and receive from the Internet and your mobile device. The same applies when using a laptop on a hotspot, or your computers at home on your own wireless router if it isn’t encrypted with WEP, WPA, or WPA2 security.
Eavesdropping on Wi-Fi connections isn’t rocket science. It just takes a curious individual with free tools and some spare time. There are many software programs out there that can capture and display the data you transmit over the airwaves.
Some programs show just the raw data packets but some make it much quicker and easier to get to the real prize. For example, some programs such as Firesheep and SniffPass simply listen for and show login credentials to unsecured sites or services, like social networking sites and Web-based or POP3/IMAP email accounts. Some programs such as EffeTech HTTP Sniffer can even capture and reassemble the webpages you are viewing and files you transfer.
Though eavesdroppers can capture data packets of your online banking and sensitive transactions when using Wi-Fi, the data is encrypted if it’s secured with SSL (like most sensitive sites are). The eavesdropper just sees a bunch of gibberish. The same goes with other services. For instance, if you check your email through the browser or a client app on the device and it’s secured with SSL, you don’t have to worry.

Combating mobile Wi-Fi security threats

The first line of defense to combat Wi-Fi eavesdroppers is to make sure any sensitive website you log in to, or service you set up on the phone (like email), is secured with SSL encryption.
If a website connection is secured, the address will begin with https instead of http, and you usually should see a padlock or other indicator showing SSL encryption is in use. However, the problem is that many popular sites that aren’t highly sensitive still don’t fully use this encryption, such as Facebook, Twitter, Yahoo, and many others.
If you use the device’s email client rather than a website to check your email, open the account settings and ensure SSL encryption is set for both the incoming (POP3 or IMAP) and outgoing (SMTP) servers. Unfortunately, many email providers don’t support encryption.
Remember, not all Wi-Fi hotspots are left unsecured, either. Some larger hotspot networks (such as T-Mobile and iBahn) use WPA/WPA2-enterprise security with 802.1X authentication to secure your wireless connections from eavesdroppers. When using encrypted connections like this you don’t have to worry about local eavesdroppers capturing any of your data, even if you are not using SSL encryption.
Keep in mind: This isn’t the case if the hotspot is secured with WEP or WPA/WPA2-Personal (PSK) as other users on the network can still capture and decode your traffic.
One way to mitigate Wi-Fi security issues is to limit your usage of hotspots completely. When out and about, away from your home or work network, use the cellular data connection instead. Though it’s slower, most cell service providers encrypt the data traffic traveling to and from cell towers and your device. This greatly reduces the chances of an eavesdropper capturing your traffic and intercepting passwords and sensitive data not already encrypted, and it gives already-encrypted traffic double encryption.

Use a VPN for full security

If you’re really concerned about your mobile Internet security, consider using a Virtual Private Network (VPN) on both your Wi-Fi and cell data connections. When connected to a VPN, all your Internet traffic travels through an encrypted tunnel, guarding it from local eavesdroppers. It protects your traffic and passwords not already encrypted and also gives encrypted traffic double encryption. In addition to encryption purposes, VPNs can also give you secure remote access to files and network resources at work or home.
iOS — iPhone, iPad, and iPod Touch — and Android are two popular mobile platforms that include native VPN support. Most other platforms include some type of VPN functionality but usually require you to have a special server in addition to a VPN server.
For devices that support regular VPN connections, you can use a VPN from work if they provide one, or set up your own VPN server at home using Windows or a third-party server. You can also use hosted services, such as Witopia, or try free services such as Free Shield VPN or Hotspot Shield.
Remember, encryption is the key to securing your Wi-Fi traffic. Use HTTPS/SSL encryption, try to use secured hotspots, or avoid hotspots altogether by using the data plan. If your device supports VPNs, consider using one.
Wi-Fi is only one of the many security concerns you should have about your mobile gadgets. Remember to also regularly back up your device and set a lock-screen or device password. For the best security, consider a mobile platform that has full device encryption, such as iOS or BlackBerry. This will protect the information stored on it from even the most determined hacker.

DSL and Cable Broadband Speed Tweaks

First, broadband tweaks should be made only after your network is tested and running reliably. Speed tweaks are performance optimizations only, not designed to fix installation errors or basic network configuration issues.
You should expect broadband tweaks might yield only small speed increases, and then only in certain situations. For example, a tweak to improve the performance of one online game may only benefit that title and then only initially when it is loading. Broadband tweaks may help certain applications like games but at the same time slow down others like Web browsing. In general, assume any performance benefits you obtain may be on the order of 10-20% gain rather than 100-200%.
Finally, speed tweaks also can create instability on some networks. Depending on the type of equipment and Internet service you use, some tweaks will be technically incompatible and need to be avoided.

Types of Broadband Speed Tweaks

The most common broadband tweaks involve adjusting various parameters of the TCP/IP network protocol, typically:

  • TCP receive window size
  • Maximum Transmission Unit (MTU)
  • Maximum Segment Size (MSS)
  • Time-To-Live (TTL)

The Microsoft Windows Registry contains default values for TCP/IP parameters. You can apply these speed tweaks to your computers by using a Registry editor or the TCP Optimizer utility (see below) to change some of the default values on each, rebooting the computers each time. Other operating systems like Linux and Mac OS X provide alternative mechanisms to tune TCP/IP parameters.

Another common broadband tweak entails manipulating Web browser settings. For example, suppressing the download of large images saves network bandwidth that can be used instead to download other data faster.
Finally, though less common, a few speed tweaks modify settings on routers and modems. For example, TCP/IP MTU settings can be changed on a broadband router separate from individual computers on the network.

About Web Accelerators for Broadband Tweaks

Speed tweaks have been traditionally applied to the network by an administrator manually, one device at a time, but in recent years software applications have been developed to help automate and maintain tweaks. So-called Internet download accelerators are pre-packaged software programs that automatically apply speed tweaks to a computer. Installing and running an accelerator program will automatically make the Registry, Web browser and other configuration changes. The more sophisticated applications collect information about your computers and network and apply tweaks intelligently to ensure maximum benefit.
While many Web accelerators are designed specifically for dialup networks, examples of accelerator applications useful for broadband are:

  • Download Accelerator Plus
  • Google Web Accelerator
  • Netfury
  • ONSPEED

Making Broadband Tweaks Work for You

Because speed tweaks can cause computer and network crashes if made improperly, test each change methodically. If possible, use a proven Web accelerator program rather than configuring tweaks manually, and test each change individually before making the next one. To determine whether a speed tweak is working, use an Internet speed test service to measure your Internet performance before and after making a tweak. In addition, try local file transfers, Web downloads, online games, and other applications you use often to assess whether a tweak makes any noticeable difference. Don’t hesitate to undo a change if you cannot observe any benefit.