We couldn't find a press release from late 2005 offering McAfee's predictions for the biggest security threats for this year. If the company created such a list then, as it did about a week ago, we bet that mobile viruses either wouldn't be on it or would be pretty low on the list. This time around, mobile viruses made the upper half of the list.
So let's say that mobile viruses are number four, with a bullet -- aimed right at corporate users. The company says that mobile attacks will grow in proportion to the increasing intelligence and connectedness of devices.
The vendor offers interesting commentary on the dangers, with a focus on the potential for cross-contamination between platforms. During 2006, the company says, hackers tried to pass viruses from PCs to phones and phones to PCs. The bad guys achieved workable PC-to-phone contamination, and the expectations are that "primitive" phone-to-PC infections will be improved on next year.
Many troubling things are happening on the mobile security front. Perhaps the biggest overall concern -- and one that we haven't heard too much about -- is cross-contamination. The fast roll out of new platforms creates myriad opportunities for creative hackers and virus pushers.
Some hackers have made careers out of simply attacking Internet Explorer, and the exploits continue today. What does this matter in this context? Think about it: The browser is well understood, and still a security problem. The point isn't that IE security isn't improving -- it clearly is -- but that it's relatively easy for clever people to create problems even with a well-known commodity.
What happens when different platforms -- many of them new -- evolve in parallel and connect on a mobile device? The release mentions Bluetooth, SMS, instant messaging, e-mail, Wi-Fi, USB, audio, video and Web. They likely are awash with opportunity for mischief makers. These dangers will multiply in a synergistic manner when they meet on a smartphone. Indeed, it seems that the bad guys will have the same problem a kid has on his birthday: not knowing which gift to open first.
Though some people think mobile dangers are overhyped, the problems almost certainly will get worse if security isn't the first concern of vendors as they develop their systems and platforms and if protective software doesn't keep pace with the threats, because it's far harder to retrofit a platform with security than to build it from the beginning. It's also important that vendors and designers keep the possibility of cross-contamination in mind, just as doctors have to be aware of the unintended consequences of mixing drugs.