Do we really have to worry about security for our mobile devices?

After recently automatically renewing the internet security package for my PC, I was hit by an old style virus that required a full scan and clean up of my PC system. It did occur to me that it was a happy coincidence timing wise as I was thinking about the expense relative to the reduced use of the PC in our household and the ever increase in mobile devices. The two leading internet security provides – Symantec and McAfee – do also provide limited protection for your mobile devices as part of their main security package although the cost of the pure mobile offerings are cheaper.

It did get me thinking about security on mobile devices. I just assumed that as most mobiles use apps that are vetted by their respective platform providers the exposure to viruses and malware was not as prevalent. A recent article from Fortune on a mobile security company called Lookout, which provides a free mobile security app, provided some interesting statistics on the possibility of encountering at least one security threat over a 7 day period by country (data collected from January to May 2013), as reproduced below.

click to enlargePhone Hacking Statistics Source LookOut

Another start-up in the mobile security space, Bluebox, claimed to have found vulnerability in Android’s security model that allows a hacker to modify code without breaking an application’s cryptographic signature and thereby a hacker could potentially turn any legitimate application into a malicious Trojan. Of course, it’s in a mobile security company’s interest to hype up the danger. There are many companies with products in this market – besides those already mentioned; there are Avast, F-Secure, Kaspersky, Webroot and TrustGo, to name but a few.

Researchers from Northwestern University and North Carolina State University published a paper in March 2013 entitled “Evaluating Android Anti-malware against Transformation Attacks” and concluded that none of the ten commercially available tools tested were resistant against common malware transformation techniques. They also concluded that “a majority of them can be trivially defeated by applying slight transformation over known malware with little effort for malware authors”.

Last week, ABI Research predicted that the mobile encryption alone, including both software and services, is expected by the firm to hit $230 million by the end of 2013. The press release stated “In its report, ABI calls out device manufacturers and mobile providers for their slow adoption of security software. The firm predicts that much of the segment’s growth will be pushed by security and mobile device management companies in the short-term.

From the point of view of a user, and somebody who knows nothing about the technicalities of the sector, I just hope that my current PC internet security provider, one of the big two internet security software names, package my mobile needs into my already too expensive (and getting less relevant every day) PC package.

Advertisements

One response to “Do we really have to worry about security for our mobile devices?

  1. Fast Eddie

    This is simply a matter of scale. Malware only pays off if you target a big enough audience (did you ever wonder why there are so few attacks on Macs ?). The more widespread and integrated in out daily lives smartphones become the more interesting for everyone who wants to make a quick buck. Even Google’s Chrome browser could be hacked at one point (the result of a contest). Until then everybody assumed that Chrome is the safest browser from this point of view, so you can’t rule anything out.

    Basic protection like firewalls and a proper virus scanner (btw, there is free software like Avast or AntiVir that performs better than the commercial tools… check the stats) is a must. What is even more important though is common sense imo. Simply don’t click on the link in a mail even if it looks like you bought artifical boobs over Amazon. You wouldn’t believe how many people fall for this trick. Pdfs can be infected, too, so also don’t open documents from people you don’t know. As a final note, the e-mail header (it shows you the way the mail went… usually not shown but can be activated) is very revealing, especially if something looks fishy. The same approach holds for you mobile of course…

    Best,

    Eddie

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s