An Upbeat Mobile Security Post!

Carl Weinschenk
Slide Show

Smartphone Security Gaps

Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.

This is a rarity: An upbeat post on a security-related matter.

CIO writer Bill Snyder reported from the RSA Conference that the concerns about mobile security, while justified, are overhyped. For one thing, said Research In Motion's Ian Robertson, only a handful of pieces of malware have actually shown up. Snyder also cited the words of a Research In Motion executive along the same lines. Concluded Snyder:

I want to be careful not to give the impression that there is no security threat to you as a user of wireless. There is. The panelists I heard all predicted that threats and exploits will emerge over the next few years. But the takeaway from my visit to RSA is this: be careful, but it's not nearly as dangerous out there as you might think. Not yet.

The best news, perhaps, is that the good news isn't accidental. The world of telecom hasn't just been lucky. The three reasons Snyder gives:

  • Mobile doesn't have a "monoculture"-a wildly dominant, Windows-type operating system-for which the bad guys to aim at.
  • Mobile architectures tend to be more closed and therefore harder for crackers to read.
  • The popularity of apps forestalls the direct execution of code, a common way of introducing malware into a device. Downloaded apps also increase the odds that the bad digital apples will be caught because of the need for users to grant various permissions before it runs.


Not all the news is good even in an upbeat story. Network World reports that a new variant of the Zeus Trojan is targeting Windows Mobile phones. The piece notes that Symbian and BlackBerry devices were attacked in September. The story has the details, which don't make the situation seem too dire. Here is the most important paragraph, which is based on information from Kaspersky:

It's a man-in-the middle attack. The trojan, dubbed Zeus in the Mobile, is itself a variant of a trojan for Windows (a file identified as Trojan-Spy.Win32.Zbot.bbmf). Users are exposed to Zeus either by visiting an infected Web site, or by first being attacked on the PC. Once infected, users are asked to enter their cell phone number and smartphone model for a certificate update' ...

PC World also had a report from RSA. The bottom line, despite a semi-alarmist headline ("Your Smartphone: The Next Big Security Headache"), the piece contained no smoking gun on the state of smartphone insecurity. As has been the case for the past couple of years, the story presented much hand-wringing about the future, but no proof of problems today. Concerns included Android's openness, alternative app stores with poor security oversight and simply lost phones.

The bottom line is that there is no crisis in smartphone security. That doesn't mean one isn't coming and certainly doesn't mean that people should stop preparing. Unlike many security stories, the good news here is that all the news isn't bad.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.