As news that the Symbian Foundation has admitted it needs better safeguards to prevent malicious apps finding their way onto mobiles, Fortify Software predicts this problem is going to get worse for mobile phone manufacturers and their operating system developers.
“The problem with mobile phones is that their processing capacity is increasing at a near-exponential rate, with some of the latest smartphones the technological equivalent of the PCs seen in the early part of this decade,” said Richard Kirk, director of the application vulnerability specialist.
“And whilst the power of the average smartphone has soared on the last few years, the behind-the-scenes technology and security assurance practices required to prevent any security loopholes in the operating system and/or applications is not as up to speed as it is on the desktop/laptop platforms,” he added.
Because of this, hackers and malware developers – blocked by increasing sophistication on the desktop/laptop security front – are now turning their attentions to the microcomputer many of us have in our pockets – the smartphone.
The problem with smartphones is that they are truly mobile devices, travelling with us between home and office, and out into the untethered real world, but remaining constantly connected thanks to a mixture of GSM, 3G and WiFi connections.
Add in a high quality mobile email and Internet access, and you have a potential recipe for a data leakage disaster in the making, as the humble smartphone can offer hackers a nearly always-on back door into desktop PCs at home and corporate networks in the office.
The fact that the Symbian Foundation has admitted a boo-boo in allowing a botnet-building Trojan – Sexy Space – past the group’s digital signing procedures, is a potentially serious failure in the foundation’s audit procedures.
“At the same time, it’s an understandable mistake, and one that the IT security industry’s early movers and shakers probably made in the 1990s,” he said.
“Because of this, you can expect more of the same to happen in the weeks and months ahead, as the mobile industry gets to grips with its growing IT security teething troubles,” he added.