From the Security Experts

October 15, 2010

New Mobile Security Issues Growing?

By Contributing Editor

This year, the number of post-PC devices, such as tablets, eReaders, and Internet-capable mobile phones, will eclipse PC devices, such as desktops, laptops, and netbooks, said Andrew Jaquith, Forrester Research senior analyst. 

That should have many and widespread implications for consumer and business users of those devices, for one simple reason. Most of us would not think to run our PCs without firewalls, anti-virus and other security measures. But how many of us actively use such protections on our smartphones, tablet PCs, iPod Touch and other devices able to use the Internet, and therefore subject to attacks launched against Internet-connected devices?

To be sure, this is a problem that does not generally seem to have reached dangerous proportions. Although security experts discover hundreds of new strains of malicious code targeted at PCs every day, they've detected only 67 directed at smartphones in all of 2010, said Sean Sullivan, security adviser for the North American labs of F-Secure. 

And one might argue that the use of Linux-derived operating systems, plus the way they are implemented on a mobile device, limits the value of any attempted attack. Android's Linux operating system apparently runs applications in compartmentalized ways.

Each application runs within an "application sandbox," a virtual-machine environment where the program is unable to mess with other programs on an Android device, according to Rich Cannings, Android security leader. 

Applications are given access to the parts of the system that they need, but they're blocked off from other parts of the system.

Jeff Wilson, a principal analyst at consultancy Infonetics Research, expects global revenues from smartphone security software to rise from $219 million last year to nearly $1.4 billion by 2013. 

Indeed, such concerns might explain why Intel spent $7.7 billion to buy McAfee. "The smartphone OS will become a major security target," said Cannings. 

Enterprises, to be sure, have some ability to protect some devices capable of communicating with internal resources. But the level of protection from Web and Internet threats likely is not as developed. Consumers, on the other hand, have no protection other than that provided by the applications, websites and mobile service providers. There is no universal equivalent of a PC security suite for mobile devices. 

One suspects that will have to change as more non-PC devices are used by consumers and workers, though some non-PC devices might have levels of protection provided by episodic or less-intensive use, fragmented operating system environments, devices and browsers. Up to this point, mobile phones haven't typically contained as much information valuable to would-be hackers, either. 

That should change, though, and many believe mobile will be the next big growth area for security software. Norton, for example, makes a security app available for Android that adds a remote "wipe" function. 

Gary Kim is a contributing editor for TMCnet. To read more of Gary’s articles, please visit his columnist page.

Edited by Tammy Wolf