Why it’s time to worry about mobile security
We may not have seen a major mobile attack yet, but IT departments should get ready for some serious trouble ahead.
As the numbers have grown, so has the quality of the malware. Whilst we are yet to see a significant mobile attack, the capabilities are there for cyber criminals to use. In time, these capabilities will only grow in prevalence and sophistication.
"The software attacks will only get worse and the ability to steal the information is already available and in circulation," said James.
As many as 80 per cent of security vulnerabilities are found in browser and related software.
Tom Parsons, senior manager at Symantec Security Response, has already seen a variety of malicious Android software which could hand some truly valuable data to attackers.
"For instance, 27 of the 40 Android malware families we have seen to date have information-stealing capabilities. This includes data such as IMEI etc, and so could be considered less valuable data," Parsons told IT Pro.
"However, a smaller number (15 per cent) have the ability to track the devices and presumably the device owners' location using GPS. Five per cent can actually record your phone calls for an attacker to listen to later on."
Right now, the majority of threats are backdoors, spy programs and premium rate texters. Yet there are other attack vectors hackers will aim their crosshairs at. The browser is one.
"As many as 80 per cent of security vulnerabilities are found in browser and related software, and as smartphones and similar mobile devices basically run browsers, it's only a matter of time for someone to find the right combination of target, vulnerability and exploit," said Philippe Courtot, CEO and chairman of Qualys.
Users don't get it yet
One of the biggest dangers for businesses is the severe lack of understanding amongst end users. Unlike IT departments who are chomping away at their nails in fear of business data going missing, many employees simply do not recognise the value of security on smartphones or tablets.
"What worries me most is that the majority of users still see a smartphone as a phone, not a mini computer. As such, they often don't apply the same logic and security savvyness that they do with their PCs, where lessons have already been learned," said Greg Day, EMEA security CTO and director of security strategy at Symantec.
"An example of this would be DroidDream, which prompts the user that the compromised app needs much higher than expected permissions to the device. In my experience, users are far more willing to say yes' on their smartphone as they see it as a phone and not a computer."