The mobile security threat is overblown.

Share this article:

FOR

Security software vendors like to bleat about how mobile phones will be the next big target for malware writers. Mobile operating systems are becoming a lot like PCs, they say. PCs have lots of malware. Therefore smartphones will have lots of malware. Security vendors are hoping this will become true so they can sell mobile security software.

However, there is no monoculture for mobile operating systems. There are at least four major mobile operating systems (iPhone, BlackBerry, Android and Symbian) and one minor one (Windows Mobile, which is falling fast). If you are writing malware, which one do you write for? Answer: none of them.

Further, mobile phones have much smaller attack surfaces compared to PCs, with no (or very few) listening network ports. And the operating systems themselves are locked down. As well, most of the demonstrated attacks have been very impractical. For example, the iPhone “malware” that made the rounds several months ago only affected phones that users had jailbroken.

Andrew Jaquith, senior analyst, Forrester Research

AGAINST

Anyone who believes that the mobile malware threat is overblown clearly has no knowledge of the history of the internet and computer industry. Over the last two decades, criminals have taken over phishing, malware, virus and spam distribution. They have consistently targeted every computing device and technology ever introduced and that constant assault has reached pandemic proportions. Add the smartphone. It has become part of the enterprise, is our email and entertainment device, and we conduct banking and other private affairs wherever and whenever we want. Smartphones are just computers that include a telephone. There are nearly 600 million of them worldwide, naked and unprotected. We need to prepare for the inevitable onslaught. Of course, smartphones are going to be the targets of criminals. Any other conclusion is naive, reeks of hubris and merely amplifies the industry's past errors that have cost us all dearly. What if there were 600 million laptops without internet security? Would you call that threat overblown? How is this different?

Rob Smith, CTO & CEO, Mobile Application Development Partners

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.