Why it’s time to worry about mobile security
We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.
Many self-proclaimed prescient persons have been made to look foolish in recent times. The Millenium Bug, bird flu and the end of the world - due today, according to preacher Harold Camping - are just three very recent examples of panic-inducing predictions that turned out to be utterly erroneous.
Looking at the state of mobile malware right now, it would be easy to blast the scaremongers proselytising about the imminent threat it poses. On the surface, looking at the numbers should provide enough ammunition to blow away fears around the mobile threat.
Whilst there are practically innumerable numbers of malware families targeting PCs, Kaspersky had only spotted around 135 mobile species for the whole of 2010. Furthermore, much of the data mobile malware currently steals is seemingly useless. Who cares if their IMEI number is stolen?
A major problem is that cyber criminals haven't found a way to make serious money out of smartphone infections just yet. Malicious hackers would rather spend their time concentrating on pilfering massive quantities of highly valuable information from servers.
Google's OS is looking a little like the bullied school kid of the mobile world. Ironically, it's because of the platform's popularity.
"Hackers have to decide is if it's worth the investment. The return is singular as most phones are only storing data on single users, where the attacks that reap the biggest rewards are the servers storing gigabits of data," said Mark James, technical manager at ESET UK.
"The odd golden nugget' a hacker may find by hacking into a person's mobile device may not necessarily make the investment worthwhile."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Yet despite all of this, for manifold reasons, IT departments and indeed everyone using a smartphone or tablet should really start worrying about the mobile threat.
Number crunching
Looking back at statistics, there is little doubt malware creators have spotted a nascent market ripe for attacking in the near future. There may not be an abundance of mobile malware families, but there is little doubt the numbers are growing exponentially.
Recent figures from G Data showed mobile malware spiked 273 per cent in the first half of 2011, compared with the same period in 2010.
Android is being hit hardest. The amount of Android focused malware spiked 76 per cent in Q2 of 2011, when compared to Q1, McAfee recently found. Of all new mobile malware created in the second quarter, approximately two thirds was aimed at Android. Indeed, Google's OS is looking a little like the bullied school kid of the mobile world. Ironically, it's because of the platform's popularity.
As we have seen at various points this year, actually infecting users is not so difficult. The biggest mobile security story so far were a nasty collection of malicious apps, featuring a piece of malware called DroidDream. It was capable of stealing device details and could even download extra code onto users' devices.
Again, Android was the target. It was feared between 50,000 and 200,000 users had downloaded the rogue apps, placing their data at risk. Google was quick to remotely remove the malicious apps, yet the damage was done: it was clear smartphone owners were a valid target.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.