Why it’s time to worry about mobile security

We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.

Mobile security

As the numbers have grown, so has the quality of the malware. Whilst we are yet to see a significant mobile attack, the capabilities are there for cyber criminals to use. In time, these capabilities will only grow in prevalence and sophistication.

"The software attacks will only get worse and the ability to steal the information is already available and in circulation," said James.

Advertisement - Article continues below

As many as 80 per cent of security vulnerabilities are found in browser and related software.

Tom Parsons, senior manager at Symantec Security Response, has already seen a variety of malicious Android software which could hand some truly valuable data to attackers.

"For instance, 27 of the 40 Android malware families we have seen to date have information-stealing capabilities. This includes data such as IMEI etc, and so could be considered less valuable data," Parsons told IT Pro.

"However, a smaller number (15 per cent) have the ability to track the devices and presumably the device owners' location using GPS. Five per cent can actually record your phone calls for an attacker to listen to later on."

Right now, the majority of threats are backdoors, spy programs and premium rate texters. Yet there are other attack vectors hackers will aim their crosshairs at. The browser is one.

Advertisement
Advertisement - Article continues below

"As many as 80 per cent of security vulnerabilities are found in browser and related software, and as smartphones and similar mobile devices basically run browsers, it's only a matter of time for someone to find the right combination of target, vulnerability and exploit," said Philippe Courtot, CEO and chairman of Qualys.

Advertisement - Article continues below

Users don't get it yet

One of the biggest dangers for businesses is the severe lack of understanding amongst end users. Unlike IT departments who are chomping away at their nails in fear of business data going missing, many employees simply do not recognise the value of security on smartphones or tablets.

"What worries me most is that the majority of users still see a smartphone as a phone, not a mini computer. As such, they often don't apply the same logic and security savvyness that they do with their PCs, where lessons have already been learned," said Greg Day, EMEA security CTO and director of security strategy at Symantec.

"An example of this would be DroidDream, which prompts the user that the compromised app needs much higher than expected permissions to the device. In my experience, users are far more willing to say yes' on their smartphone as they see it as a phone and not a computer."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/business/policy-legislation/356256/uk-invested-about-ps500m-in-wrong-gps-satellites
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020
Visit/security/34616/the-top-password-cracking-techniques-used-by-hackers
Security

The top 12 password-cracking techniques used by hackers

12 Jun 2020