Why it’s time to worry about mobile security

We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.

Many self-proclaimed prescient persons have been made to look foolish in recent times. The Millenium Bug, bird flu and the end of the world - due today, according to preacher Harold Camping - are just three very recent examples of panic-inducing predictions that turned out to be utterly erroneous.

Looking at the state of mobile malware right now, it would be easy to blast the scaremongers proselytising about the imminent threat it poses. On the surface, looking at the numbers should provide enough ammunition to blow away fears around the mobile threat.

Whilst there are practically innumerable numbers of malware families targeting PCs, Kaspersky had only spotted around 135 mobile species for the whole of 2010. Furthermore, much of the data mobile malware currently steals is seemingly useless. Who cares if their IMEI number is stolen?

A major problem is that cyber criminals haven't found a way to make serious money out of smartphone infections just yet. Malicious hackers would rather spend their time concentrating on pilfering massive quantities of highly valuable information from servers.

Advertisement - Article continues below
Advertisement - Article continues below

Google's OS is looking a little like the bullied school kid of the mobile world. Ironically, it's because of the platform's popularity.

"Hackers have to decide is if it's worth the investment. The return is singular as most phones are only storing data on single users, where the attacks that reap the biggest rewards are the servers storing gigabits of data," said Mark James, technical manager at ESET UK.

"The odd golden nugget' a hacker may find by hacking into a person's mobile device may not necessarily make the investment worthwhile."

Yet despite all of this, for manifold reasons, IT departments and indeed everyone using a smartphone or tablet should really start worrying about the mobile threat.

Number crunching

Looking back at statistics, there is little doubt malware creators have spotted a nascent market ripe for attacking in the near future. There may not be an abundance of mobile malware families, but there is little doubt the numbers are growing exponentially.

Advertisement - Article continues below

Recent figures from G Data showed mobile malware spiked 273 per cent in the first half of 2011, compared with the same period in 2010.

Android is being hit hardest. The amount of Android focused malware spiked 76 per cent in Q2 of 2011, when compared to Q1, McAfee recently found. Of all new mobile malware created in the second quarter, approximately two thirds was aimed at Android. Indeed, Google's OS is looking a little like the bullied school kid of the mobile world. Ironically, it's because of the platform's popularity.

As we have seen at various points this year, actually infecting users is not so difficult. The biggest mobile security story so far were a nasty collection of malicious apps, featuring a piece of malware called DroidDream. It was capable of stealing device details and could even download extra code onto users' devices.

Again, Android was the target. It was feared between 50,000 and 200,000 users had downloaded the rogue apps, placing their data at risk. Google was quick to remotely remove the malicious apps, yet the damage was done: it was clear smartphone owners were a valid target.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020