Why it’s time to worry about mobile security

We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.

As the numbers have grown, so has the quality of the malware. Whilst we are yet to see a significant mobile attack, the capabilities are there for cyber criminals to use. In time, these capabilities will only grow in prevalence and sophistication.

"The software attacks will only get worse and the ability to steal the information is already available and in circulation," said James.

As many as 80 per cent of security vulnerabilities are found in browser and related software.

Tom Parsons, senior manager at Symantec Security Response, has already seen a variety of malicious Android software which could hand some truly valuable data to attackers.

Advertisement - Article continues below

"For instance, 27 of the 40 Android malware families we have seen to date have information-stealing capabilities. This includes data such as IMEI etc, and so could be considered less valuable data," Parsons told IT Pro.

"However, a smaller number (15 per cent) have the ability to track the devices and presumably the device owners' location using GPS. Five per cent can actually record your phone calls for an attacker to listen to later on."

Right now, the majority of threats are backdoors, spy programs and premium rate texters. Yet there are other attack vectors hackers will aim their crosshairs at. The browser is one.

"As many as 80 per cent of security vulnerabilities are found in browser and related software, and as smartphones and similar mobile devices basically run browsers, it's only a matter of time for someone to find the right combination of target, vulnerability and exploit," said Philippe Courtot, CEO and chairman of Qualys.

Users don't get it yet

One of the biggest dangers for businesses is the severe lack of understanding amongst end users. Unlike IT departments who are chomping away at their nails in fear of business data going missing, many employees simply do not recognise the value of security on smartphones or tablets.

"What worries me most is that the majority of users still see a smartphone as a phone, not a mini computer. As such, they often don't apply the same logic and security savvyness that they do with their PCs, where lessons have already been learned," said Greg Day, EMEA security CTO and director of security strategy at Symantec.

"An example of this would be DroidDream, which prompts the user that the compromised app needs much higher than expected permissions to the device. In my experience, users are far more willing to say yes' on their smartphone as they see it as a phone and not a computer."

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019