Zumocast zooms security

The commercials for Droid Bionic talk about remote access to the files on your PC.  They are doing this through a Motorola app named  Zum0cast.  The Zumacast is one of many apps preinstalled on the Driod Bionic.   To get started, I registered for free at Zumocast, and installed their software on my home computer.

When installing the software, I was notified that I didn’t have JAVA which is mandatory, and they offered to install it.   Best practices would probably dictate installing the freshest JAVA from JAVA.com.   Instead they installed 1.6 update 17.   The current release at the time of this writing is update 29.  JAVA didn’t even seem to check for updates after install.   When I opened the JAVA applet in the Control Panel and went to the update tab, it was set to check for updates once a month.   I think it was going to check next around the 23rd.   At least Secunia PSI would have notified me if I hadn’t patched it manually.    The average home user isn’t going to think twice about this.

ZumoCast must be running so you can access the files (music, video, docs) on your system remotely.   When you install you select what directories are published.   I haven’t looked but I suspect they have the app from the desktop and the phone both talk to their servers.  You’re authenticated with username/password and then you can see the published files.   This would just as easily publish my files on the work computer.

How is a security guy supposed to keep up with all the apps like this?   I get it.   The primary method of stopping it is telling the users we dont want our files on their phone.   But it is always better to have a technical means in place.