Why it’s time to worry about mobile security

We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.

As the numbers have grown, so has the quality of the malware. Whilst we are yet to see a significant mobile attack, the capabilities are there for cyber criminals to use. In time, these capabilities will only grow in prevalence and sophistication.

"The software attacks will only get worse and the ability to steal the information is already available and in circulation," said James.

As many as 80 per cent of security vulnerabilities are found in browser and related software.

Tom Parsons, senior manager at Symantec Security Response, has already seen a variety of malicious Android software which could hand some truly valuable data to attackers.

"For instance, 27 of the 40 Android malware families we have seen to date have information-stealing capabilities. This includes data such as IMEI etc, and so could be considered less valuable data," Parsons told IT Pro.

"However, a smaller number (15 per cent) have the ability to track the devices and presumably the device owners' location using GPS. Five per cent can actually record your phone calls for an attacker to listen to later on."

Right now, the majority of threats are backdoors, spy programs and premium rate texters. Yet there are other attack vectors hackers will aim their crosshairs at. The browser is one.

"As many as 80 per cent of security vulnerabilities are found in browser and related software, and as smartphones and similar mobile devices basically run browsers, it's only a matter of time for someone to find the right combination of target, vulnerability and exploit," said Philippe Courtot, CEO and chairman of Qualys.

Users don't get it yet

One of the biggest dangers for businesses is the severe lack of understanding amongst end users. Unlike IT departments who are chomping away at their nails in fear of business data going missing, many employees simply do not recognise the value of security on smartphones or tablets.

"What worries me most is that the majority of users still see a smartphone as a phone, not a mini computer. As such, they often don't apply the same logic and security savvyness that they do with their PCs, where lessons have already been learned," said Greg Day, EMEA security CTO and director of security strategy at Symantec.

"An example of this would be DroidDream, which prompts the user that the compromised app needs much higher than expected permissions to the device. In my experience, users are far more willing to say yes' on their smartphone as they see it as a phone and not a computer."

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021