People have been warning for years about the impending doom relating to internet-connected devices.
Viruses coming to a fridge near you! There could be a trojan horse in your fancy new automobile! Oh, the terror!
And on one hand they’re right. Anything which connects to the network from within your environment is a porthole to the outside world, and you need to make sure it is protected.
On the other hand, up to a certain point in time, this sort of attack was way too difficult and not worth the return-on-investment for malware writers.
But things have changed.
Browsers and the powerful web apps they bring with them are standardized across devices and underlying operating systems. People have been predicting the web as the OS, and that time is decidedly here.
A web page on an iPhone looks and works a whole lot like one on a Blackberry device, a Droid handheld or a Windows phone. And that same page looks pretty similar to what you’d see on an iPad or a netbook, which looks pretty much the same as what you’re used to seeing at your desktop at work.
Despite this change, people feel safer using the web on one of these devices that isn’t your traditional Windows PC. Even when the connected device has only the smallest differences from the traditional setup, people act as though they’re invincible.
Everybody knows, only Windows machines get malware, right?
Not so much.
In the last few weeks, a couple of reports have come out which highlight the consequences of this false sense of security, and give us a clear view into the direction malware is headed.
The first was a report by internet security firm Trusteer, discussing the rates at which different types of devices accessed phishing sites. The second was an analysis of the Jnanabot (aka Joonana bot) by Symantec, which categorized infected machines by OS.
Eight times more iPhone users visit phishing sites than Blackberry users, Trusteer found. And three times as many mobile users as desktop users visit phishing sites. At the very least this means that people are better securing their desktops and Blackberries. But almost undoubtedly this also means people think they can’t be harmed by malicious things on their phones.
Meanwhile, there are a disproportionate number of Mac OS X users who comprise the infected user-base of Jnanabot, given the market-share of OS X versus Windows (16 percent of infected users vs a 10 percent market share), according to Symantec.
The thing which comes out loud and clear is that malware authors clearly see which way the technological wind is blowing.
As the web is the OS now, it matters very little (from a security standpoint) what you’re accessing it with. So it is decidedly worth their while to include mobile and Mac versions in their development cycle.
Vulnerabilities are vulnerabilities, and especially in the case of phishing, the biggest vulnerability is the user.
You can secure the ramparts all day long, but if someone’s handing out the keys, it is all for naught.