As more people gain access to high-tech mobile devices, we have seen a rapid shift in how we supply and interact with mobile content. In this new, always-connected age of mobile devices and smartphones, a new set of security problems and concerns has reared its head, threatening network privacy and integrity, as well as business and personal data. Here we examine the top security threats from today’s mobile devices and smartphones.
Apple’s ubiquitous iPhone set the standard for today’s wave of touch-screen smartphones. Since its first release, the iPhone has seen gradual security improvements, and companies that once thought of the iPhone as unsuitable for business have warmed to it. But although no major security outbreaks have threatened the iPhone as of late, hackers did release a source code for potential iPhone spyware in early 2010, followed by a proof of concept botnet that persuaded close to 8,000 users to join before researchers discovered it. The iPhone has also demonstrated vulnerabilities in its operating system and software, with most security issues having to do with jailbroken devices, wherein security settings are unlocked by users to achieve greater functionality. The Jailbreakme.com website exploited security vulnerabilities in the iPhone’s Safari browser, allowing users to unlock their phones with minimal effort to install applications not approved by Apple. By doing this, users made their device more vulnerable to security threats by circumventing the iPhone’s principal security measure. Even with the development of an optional layer of security for jailbroken phones, hackers continue to find ways to subvert iPhone devices. The device’s sheer popularity and diverse range of uses means the iPhone will continue to be a prime target for mobile cybercriminals.
The Apple iPhone’s locked-down design ethos stands in contrast to the Google Android and its more open operating system and app market, which has exposed it to a greater number of security attacks. For instance, Google found and removed banking malware from the site in early 2010 when it found that a wallpaper application had gathered data on over one million Android users. Other security weak spots include the Android’s ability to run Flash, which requires updates to Adobe applications, as well as the operating system’s built-in parts, which require full upgrades to patch vulnerabilities. The Android’s Linux-based platform also makes it more open and accessible, allowing users to tinker with low-level components. Although Android phones represent a strong point of exposure, they do rely heavily on users installing malicious applications. The best way to circumvent security threats is to keep alert on the latest scams.
Windows 7 Phone
Late 2010 saw the release of Microsoft’s Windows 7 phone, arriving loaded with business software such as Exchange that make it a strong contender in the business market, which continues to be dominated by RIM’s BlackBerry. However, the phone’s need for cross-hardware support and flexibility, along with Microsoft’s emphasis on functionality rather than security, means that the Windows 7 Phone is particularly vulnerable to security threats.
This continues to be the most popular mobile device in corporate environments. The device’s security-built-in model has been fairly successful, although there have been reports of potential spyware applications. The BlackBerry’s security model is further weakened by new developments, including pressure from several nations on RIM to soften their policy of transporting all data in strongly encrypted form through central servers. It is still to be seen how much the BlackBerry’s security model will be compromised by these developments.
Palm Pre and Nokia’s Symbian OS
While Apple, Google, Microsoft and RIM continue to dominate the nextgeneration smartphone market, there are other major players coping with today’s security threats. The Palm Pre has been working hard to meet demands for broader functionality whilst also dealing with significant security threats. Recently, cybercrooks gained backdoor access to Pre systems via a malicious webpage or mail message. Nokia’s Symbian operating system has also fallen prey to real working malware due to its insecure operating model and relatively large pool of potential victims.
The good news? Quality security solutions are being developed to protect against these security threats. It seems likely that less secure platforms will steadily die out as more sophisticated mobile devices and smartphones become prevalent.