Mobile Security is getting hype

Posted by in Mobile

Mobile devices are small computers, that’s now granted. For years now some companies have foreseen that those devices will be target to security threats (F-Secure launched its first Mobile AV for Symbian in 2004 (and was well demoed with the Skull Virus – see pic to the side). Now quite a few players have joined the race with traditional security providers like AVG (through the purchase of DroidSecurity), McAffee (trhough the purchase of tenCube) and new independent players such as Lookout.

The threats have evolved also, we can now see that with the devices being sandboxed, the risk is not so much to get your phone infested with a virus replicating itself in every file than to have a malicious software access your personal data to replicate on your friend’s phones or pass unauthorized calls to premium phone numbers.

Main mobile threats :

  • Malicious apps : unauthorized phone calls / text messages, access to private data. Unfortunately most devices and OSes aren’t AV friendly and won’t grant privileges to a software to exit its sandbox to analyze software for threats signatures. Thus AVs are only limited to application reputation to identify potential threats…
  • Phishing : on a mobile device it’s even harder to distinct a forged copy of a website from it original self (now link preview, limited graphics…). Same goes with the emails where there is less info than in regular email clients to preview links
  • SMS Spam : “someone sent you a voicemail, call and dial #123# to listen to it” : this kind of SMS Spam is tough to monitor and prevent
  • Theft : stealing a mobile phone (or just loosing it) can be very easy  : many vendor have anti-theft / lock & wipe features to prevent that. Not to mention the backup that will prevent your files from being lost !

Lookout has recently announced it has passed the 1M user mark, but I’m pretty sure the market is still at its infancy. The OS manufacturers and Phone vendors were targets for very few attacks, but now that a few major Smartphones platforms have emerged such as Android and iOS, this creates a critical mass which makes it worth it for hackers to invest and start looking for breaches. And there’s no doubt they *will* find breaches (proof is hackers keep on jailbreaking every new iOS version as it gets released).