Why it’s time to worry about mobile security
We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.


As the numbers have grown, so has the quality of the malware. Whilst we are yet to see a significant mobile attack, the capabilities are there for cyber criminals to use. In time, these capabilities will only grow in prevalence and sophistication.
"The software attacks will only get worse and the ability to steal the information is already available and in circulation," said James.
As many as 80 per cent of security vulnerabilities are found in browser and related software.
Tom Parsons, senior manager at Symantec Security Response, has already seen a variety of malicious Android software which could hand some truly valuable data to attackers.
"For instance, 27 of the 40 Android malware families we have seen to date have information-stealing capabilities. This includes data such as IMEI etc, and so could be considered less valuable data," Parsons told IT Pro.
"However, a smaller number (15 per cent) have the ability to track the devices and presumably the device owners' location using GPS. Five per cent can actually record your phone calls for an attacker to listen to later on."
Right now, the majority of threats are backdoors, spy programs and premium rate texters. Yet there are other attack vectors hackers will aim their crosshairs at. The browser is one.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"As many as 80 per cent of security vulnerabilities are found in browser and related software, and as smartphones and similar mobile devices basically run browsers, it's only a matter of time for someone to find the right combination of target, vulnerability and exploit," said Philippe Courtot, CEO and chairman of Qualys.
Users don't get it yet
One of the biggest dangers for businesses is the severe lack of understanding amongst end users. Unlike IT departments who are chomping away at their nails in fear of business data going missing, many employees simply do not recognise the value of security on smartphones or tablets.
"What worries me most is that the majority of users still see a smartphone as a phone, not a mini computer. As such, they often don't apply the same logic and security savvyness that they do with their PCs, where lessons have already been learned," said Greg Day, EMEA security CTO and director of security strategy at Symantec.
"An example of this would be DroidDream, which prompts the user that the compromised app needs much higher than expected permissions to the device. In my experience, users are far more willing to say yes' on their smartphone as they see it as a phone and not a computer."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Asus ZenScreen Fold OLED MQ17QH review
Reviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
By Sasha Muller
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto Networks
Case study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
By Rory Bathgate
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
By Ross Kelly
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
By Connor Jones
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
By Danny Bradbury
-
83% of critical infrastructure companies have experienced breaches in the last three years
News Survey finds security practices are weak if not non-existent in critical firms
By Rene Millman
-
Identity Automation launches credential breach monitoring service
News New monitoring solution adds to the firm’s flagship RapidIdentity platform
By Praharsha Anand
-
Neiman Marcus data breach hits 4.6 million customers
News The breach took place last year, but details have only now come to light
By Rene Millman
-
Indiana notifies 750,000 after COVID-19 tracing data accessed
News The state is following up to ensure no information was transferred to bad actors
By Rene Millman
-
Pearson fined $1 million for downplaying severity of 2018 breach
News The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
By Rene Millman