The mobile security threat is overblown.

Share this article:

FOR

Security software vendors like to bleat about how mobile phones will be the next big target for malware writers. Mobile operating systems are becoming a lot like PCs, they say. PCs have lots of malware. Therefore smartphones will have lots of malware. Security vendors are hoping this will become true so they can sell mobile security software.

However, there is no monoculture for mobile operating systems. There are at least four major mobile operating systems (iPhone, BlackBerry, Android and Symbian) and one minor one (Windows Mobile, which is falling fast). If you are writing malware, which one do you write for? Answer: none of them.

Further, mobile phones have much smaller attack surfaces compared to PCs, with no (or very few) listening network ports. And the operating systems themselves are locked down. As well, most of the demonstrated attacks have been very impractical. For example, the iPhone “malware” that made the rounds several months ago only affected phones that users had jailbroken.

Andrew Jaquith, senior analyst, Forrester Research

AGAINST

Anyone who believes that the mobile malware threat is overblown clearly has no knowledge of the history of the internet and computer industry. Over the last two decades, criminals have taken over phishing, malware, virus and spam distribution. They have consistently targeted every computing device and technology ever introduced and that constant assault has reached pandemic proportions. Add the smartphone. It has become part of the enterprise, is our email and entertainment device, and we conduct banking and other private affairs wherever and whenever we want. Smartphones are just computers that include a telephone. There are nearly 600 million of them worldwide, naked and unprotected. We need to prepare for the inevitable onslaught. Of course, smartphones are going to be the targets of criminals. Any other conclusion is naive, reeks of hubris and merely amplifies the industry's past errors that have cost us all dearly. What if there were 600 million laptops without internet security? Would you call that threat overblown? How is this different?

Rob Smith, CTO & CEO, Mobile Application Development Partners

Share this article:

Sign up to our newsletters

More in Opinions

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are ...

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.

Protecting what matters

Protecting what matters

Whether it is a database of customer information or valuable intellectual property, an organization's "crown jewels" need to be protected with the most robust security possible.