Smartphone Security: Alarming Complacency Among Mobile Users
Most consumers are unaware of the security risks associated with their smartphones.
At one time, one of the consistent themes in security circles was that the ultimate day of reckoning for mobile devices was in the future. Things would either be tolerable or truly horrific, as they were during the worst onslaught of attacks on desktop PCs. You could look through the crystal ball from two perspectives:
This is the place where any self-respecting blogger writes that there is truth in both assessments and that the reality lies somewhere in the middle. Okay, well, there is and it does.
Attackers are deploying a variety of increasingly sophisticated techniques to take control of the phone, personal data, and money. Additionally, malware writers are using new distribution techniques, such as malvertising and upgrade attacks.
Last month, Network World recruited Linda Musthaler, a principal analyst with Essential Solutions Corporation, to look at a long white paper prepared by Symantec on mobile device security. (The paper is here.) Musthaler describes what is in the document, which apparently doesn't say which mobile operating system is better. But, clearly, she agrees that we are well into an era of increasing danger:
While these mobile operating systems were explicitly designed with security in mind, both iOS and Android devices are still vulnerable to many categories of attacks. Though we may call the devices phones, they are really powerful computers, and they are vulnerable to some of the same problems as any other computer. For example, did you ever consider that your smartphone could become a node on a botnet where it can be used to relay spam email or participate in a DDoS attack? Yep, it happens.
InformationWeek offers five pieces of advice on securing smartphones: Lock them, use only known and trusted application stores, "scrutinized every app download," be vigilant when a strange text or email is received and use security software.