There is nothing dramatically new in smartphone security.
That doesn't mean that the world is safe for the growing category of gadgets. Quite the opposite: The landscape is growing increasingly dangerous. The growth is more incremental than dramatic, however.
The center still holds due to the oft-cited reality that it is harder for crackers to radically up their game because there are so many operating systems for users to pick from. The absence of a "monoculture," such as Windows in the PC world, makes smartphones inherently less vulnerable. And, just as people are less likely to smoke and are more apt to buckle up when they drive than a generation ago, exhortations to practice safe computing are working.
But danger looms. BusinessWeek outlines the gradual growth of smartphone threats. Writer Olga Kharif points to a creepy application that can be surreptitiously installed on a BlackBerry that can be remotely turned on to eavesdrop on conversations held in its general proximity.
A new area of danger is the application store. These online marketplaces sell third-party products; viruses, worms and other nasties can get through if the company running the show is not careful. Phishing schemes, in which trickery trumps technology in the criminal's tool chest, also are growing as smartphones are used for more varied and value-laden tasks.
CIO.com discusses another emerging area of concern: Smartphones can be used by crackers for denial of service (DDoS) attacks. These attacks, in which an army of machines overloads a server or servers with an overload of commands, usually are thought of in the context of PCs. Smartphones are small computers. Therefore they also are threats to participate in such activities.
There are, of course, major differences between smartphones and PCs besides the monoculture that makes the bigger devices more vulnerable. This good CNN roundup of the smartphone security landscape points out that the bad guys need access to phone numbers for many forms of their mischief. These are harder to get than e-mail addresses. Chalk one up for smartphone security.
On the other hand, it's much easier to physically steal a smartphone than a desktop PC or even a laptop. If the smartphone isn't adequately secured, the data on it is at high risk.
Organizations should constantly think about smartphone security. The challenge for IT folks charged with enacting security measures and advising their bosses on these matters is to walk the tightrope between sky-is-falling pronouncements aimed at goading people into action and denial of the dangers without taking too many false steps.