Ultimate Status of Mobile Device Security Still Unknown

Carl Weinschenk
Slide Show

Smartphone Security: Alarming Complacency Among Mobile Users

Most consumers are unaware of the security risks associated with their smartphones.

At one time, one of the consistent themes in security circles was that the ultimate day of reckoning for mobile devices was in the future. Things would either be tolerable or truly horrific, as they were during the worst onslaught of attacks on desktop PCs. You could look through the crystal ball from two perspectives:

  • There are just as many smart bad guys out there as there were during the heyday of attacks on PCs. These folks would take up the bad fight and go after mobile devices once the money on the table was piled high enough. And, with the explosion of smartphones, app stores and the like during the past few years, that pile now is as high as it is for the winner of ESPN's World's Series of Poker. So, when the malcontents fully turn their attention to tablets and smartphones, the results won't be pretty.

  • Things will never get to be as bad as it is in the PC world. There are three reasons for this more upbeat assessment: The folks in the underlying technologies learned a lot from the wired world and construct things in a way that makes it more difficult for the crackers. Related to that is the fact that the mobile world simply evolved differently. Instead of the "monoculture" of Microsoft Windows, there are several thriving operating systems whose diversity makes it more difficult for the dark side. Finally, people have learned and are more likely to protect their devices.

This is the place where any self-respecting blogger writes that there is truth in both assessments and that the reality lies somewhere in the middle. Okay, well, there is and it does.

The security firm Lookout sheds some light on the issue as it stands today, at least as far as Android is concerned. Its Mobile Threat Report offers data from 700,000 applications and 10 million devices. The report paints a rather gloomy picture. Thirty percent of Android users are likely to encounter a Web-based threat annually; infected apps rose from 80 in January to more than 400 last month. There is more in the blog. This sums it up:

Attackers are deploying a variety of increasingly sophisticated techniques to take control of the phone, personal data, and money. Additionally, malware writers are using new distribution techniques, such as malvertising and upgrade attacks.

Last month, Network World recruited Linda Musthaler, a principal analyst with Essential Solutions Corporation, to look at a long white paper prepared by Symantec on mobile device security. (The paper is here.) Musthaler describes what is in the document, which apparently doesn't say which mobile operating system is better. But, clearly, she agrees that we are well into an era of increasing danger:

While these mobile operating systems were explicitly designed with security in mind, both iOS and Android devices are still vulnerable to many categories of attacks. Though we may call the devices phones, they are really powerful computers, and they are vulnerable to some of the same problems as any other computer. For example, did you ever consider that your smartphone could become a node on a botnet where it can be used to relay spam email or participate in a DDoS attack? Yep, it happens.

InformationWeek offers five pieces of advice on securing smartphones: Lock them, use only known and trusted application stores, "scrutinized every app download," be vigilant when a strange text or email is received and use security software.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.