2008 threat report: Mobile security threats

More info from the Sophos Threat Report for 2008. There are approximately 200 malware threats for mobile phones, compared to over 300,000 for Windows. The risk of being infected on a mobile phone is tiny in comparison. Nevertheless, the mobile malware threat has been growing steadily over the last few years and more businesses are now looking to secure confidential data against potential attacks at all endpoints.

In a Sophos web poll, in November 2006, 81 percent of business IT administrators expressed concern that malware and spyware targeting mobile devices will become a significant threat in the future. However, 64 percent also said they currently have no solution in place to secure company smartphones and PDAs.

Ultimately the main vulnerability on any system is the user and Sophos expects to see messages sent to mobile users luring them to fake webpages on which they will be instructed to enter confidential data, in just the same way that desktop email users are trapped.

IT managers should not only be looking to protect their PDAs and mobile phones from malware, but also be investigating data encryption and access control. It is also wise to invest in user education on how to safely browse online. Those with mobile devices need to understand that many of the web threats affect them as well, regardless of the device or operating system they are using.

Ultra-mobile PCs, iPhones and Wi-Fi devices

The wider availability of wireless internet services has increased the attractiveness of Wi-Fi-enabled devices.

Although simple Trojans have been seen, the Apple iPhone has not yet been the target of commercially motivated hackers. The fact that most versions of the phone/music player/browser are locked to particular service providers and lengthy contracts has, however, limited its appeal to the mass-market and may mean iPhone adopters have some breathing space before attacks begin in earnest.

Flaws have been found in Apple’s mobile email application and Safari browser and it is more likely that attacks would be focused on these areas than the underlying operating system. But cybercriminals seeking a larger return are likely to stick mostly to Windows desktops for the foreseeable future.

The iPod Touch is more affordable than the iPhone, and shares its Safari web browser. As both the iPhone and iPod Touch are designed to connect to the internet, and can retrieve email and visit websites, it is theoretically possible that hackers will target them more in the future. At the moment, Safari appears to be the most likely place where vulnerabilities would be exploited.

Meanwhile, 2008 looks set to be the year of increased take-up of ultra-mobile PCs (UMPCs). UMPCs, like the Asus EEE subnotebook, have shaken up the laptop market with their low price, usability and portability.

Interestingly, this new range of UMPCs does not necessarily come with a version of Windows pre-installed (in the case of the Asus EEE, it comes with the Xandros flavor of UNIX). For this reason, UMPCs are automatically immune to the vast majority of spyware, adware and malware attacks – but if such devices continue to increase in popularity the situation might change.

Of course, as has been pointed out earlier, a lot of hacking attacks actually have very little to do with technology, but with vulnerabilities in the human operating the computer. So it is perfectly possible right now for users of any of these mobile devices to receive spammed phishing messages, follow the link and enter their confidential data.




Share this