Denial, Not Viruses or Worms, is the Biggest Mobile Danger


Though the mobile industry has faced serious security challenges, in general there hasn't been the concerted virus, worm and Trojan attacks that characterize the desktop world. Players in the wireless and cellular ecosystems unaware of the charmed life they have led are in for a rude awakening. Those that aren't in denial are hard at work, preparing for the trials sure to come.


It's good to see the ranks of the deniers shrink. Earlier this month, for instance, two European organizations -- the Open Mobile Terminal Platform group and the Next Generation Mobile Network Alliance -- said that they will work together on security. This piece points out two important points: One is that the groups are rife with important players; the other suggests that the statements accompanying the announcement perhaps are a bit too vague. In any case, the announcement is a positive step.


The sense in the mobile world is that the advent of smartphones is increasing the risks of viruses and worms. Computerworld discusses the iPhone, but the risk is by no means limited to Apple's device. Crackers just have bigger targets to aim at. Indeed, the idea that the multitude of operating systems reduces the danger to the entire segment -- as opposed to a landscape dominated by Windows -- is fading as enterprises settle on one dominant device. This makes them vulnerable to exploits targeting that OS.


The landscape seems to be growing more ominous. Bluetooth and multimedia messaging, for instance, can automatically transfer malware between devices. Exploits are becoming automated to the point that makes even a novice dangerous. This all combines with the great advances the dark side has made in social-engineering attacks to make the growing threats clear.


This is a good overview of the state of mobile security. Though the PCQuest piece is aimed at a consumer audience, much of the discussion clearly pertains to employees, particularly those using their personal device for work. The writer discusses SMS spoofing, which can be used in social-engineering attacks to gain passwords and other valuable data. The piece also discusses voice and text spam and spyware. Finally, the piece describes SIM cloning, which essentially lets the perpetrator send and receive calls intended for the owner's device.


Presented without too much commentary, this CIO Insight piece is an interesting look at how IT managers are securing mobile devices. Perhaps the most interesting element is that installing antivirus software on cell phones and PDAs comes in a distant eighth place, with only 23 percent of 237 respondents opting for the approach. The top three choices were requiring VPNs (73 percent), allowing only IT departments to configure devices (68 percent) and requiring passwords (62 percent).


The good news is that the industry and even the general public increasingly are aware of the issues. During the past few months, several articles have appeared that in one way or another discussed the risks. The very headlines of the stories -- "Cyber Criminals to Target Mobiles" from the BBC, "Mobile Viruses, a Ticking Bomb" from the Malaysian site The Star Online and "Mobile Threat Still Low, but Will Grow" from ZDNet Asia -- all point out that mobility is considered the next great security battleground.