Apr 22, 2011

Should You Worry About Smartphone Security?

Posted by: Robert Siciliano in MyBlog

Tagged in: mSecurity

Every industry involves four main parties. There are, most obviously, consumers and manufacturers. There are also those who provide services or supplies to the manufacturers, or produce peripheral products that work in tandem with the original product. Finally, there are the watchdogs, keeping tabs. Watchdogs are usually either government regulators or third-party nonprofits.

IBM predicts rising mobile threats, critical infrastructure attacks in 2011.

As reported by BoingBoing, former Google Android security framework engineer Chris Palmer, who is now technology director of the nonprofit Electronic Frontier Foundation, addresses the risks posed by mobile operating system manufacturers’ lax approach to security:

“Mobile systems lag far behind the established industry standard for open disclosure about problems and regular patch distribution. For example, Google has never made an announcement to its android-security-announce mailing list, although of course they have released many patches to resolve many security problems, just like any OS vendor. But Android open source releases are made only occasionally and contain security fixes unmarked, in among many other fixes and enhancements…

Android is hardly the only mobile security offender. Apple tends to ship patches for terrible bugs very late. For example, iOS 4.2 (shipped in early December 2010) contains fixes for remotely exploitable flaws such as this FreeType bug that were several months old at the time of patch release. To ship important patches so late is below the standard set by Microsoft and Ubuntu, who are usually (though not always) much more timely. (For example, Ubuntu shipped a patch for CVE-2010-2805 in mid-August, more than three months before Apple.)”

Other industry leaders disagree. CIO.com’s Bill Snyder has stated:

“I was sitting in the middle of one of the most security conscious crowds you’d ever come across—about 200 computer security professionals listening to a high-powered panel on mobile security threats at the RSA Conference in San Francisco last week. And you’d think that after nearly 90 minutes of discussion, I’d leave the room all a twitter (pardon the pun) and scared that my iPhone was about to go rogue. Not at all. In fact, I left feeling a lot more relaxed about the security of my smartphone, and a little more skeptical about the barrage of hacker warnings to which we’ve all been subjected.”

Ed Amoroso, chief security officer of AT&T, said:

“Day-to-day mobile threats haven’t (yet) caused much harm.”

Ian Robertson, security research manager for BlackBerry developers Research in Motion, said:

“I can count on one hand the pieces of (mobile) malware I’ve seen installed.”

And here’s Paul Smocer, who is in charge of technology at the banking trade group The Financial Services Roundtable:

“I have begun to use mobile banking myself, yes. We haven’t seen a whole lot of malicious software yet. Part of that relates to the fact that there are so many different manufacturers and operating systems in the mobile world. But part of it, I think, is also to do with the fact that this is a relatively new environment, and unfortunately, crime follows growth.”

The truth, of course, lies in the middle. While the mobile security industry isn’t exactly under siege, there is clearly more work to be done. It’s smart to invest in antivirus protection for your mobile phone, keep its operating system updated, and be cognizant of how you use your phone, so that you can avoid putting your data at risk.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto.
