Panel: Open phones are more vulnerable

The opening up of mobile software platforms will lead to more dangers, security executives said.

The opening up of the mobile industry is great news for application developers but not so good for IT security professionals who want to sleep at night, executives from the security industry said Thursday.

Mobile phone operating systems have been highly fragmented and carriers have tightly controlled the applications that can easily be used on phones, but that approach is giving way to open-software platforms and easy-to-use application stores. In addition to Apple's recently introduced iPhone SDK (software development kit), Google's open-source Android platform is due on phones soon and an open-source version of Symbian is on the way.

"Everyone has now decided that the developers are very important for the future of this business. If a developer can load software on a device, a hacker can load software on a device," said Mark Kominsky, CEO of Bluefire Security Technologies, during a panel discussion at the CTIA Wireless I.T. & Entertainment show in San Francisco. "I think we're probably 12 to 18 months away from something big happening," he added.

Mobile devices are beginning to have high bandwidth, open platforms and the ability to load new software, Kominsky said. "Those are the critical elements that occurred in the notebook when viruses took off about 20 years ago," he said.

Symbian, the single most widely used mobile software platform, has already wrestled with the dangers of openness to third-party developers, said Khoi Nguyen, group product manager in mobile security at Symantec. Symbian 7 and 8 were fairly open and allowed almost any application to be installed and run. This led to a few hundred viruses being introduced within a couple of years, so Symbian 9 was locked down significantly, he said.

That made it much harder and more expensive to develop applications for the OS, even for a big company such as Symantec, Nguyen said.

Symbian and other platform vendors will have to find a balance between security and openness, he said.

By the same token, the fragmentation of the mobile world that has hobbled software developers still insulates phones from the onslaught of attacks on PCs.

Symbian has less than 70 percent of the market, Nguyen said. "It makes it very hard for a hacker to develop a single threat ... that can run on all these different platforms," he said.

Nevertheless, there are some new types of malware for enterprises to look out for, as well.

"Snoopware" is a form of spyware that can activate the microphone or camera without the user's knowledge, listen in on calls and collect text messages and call logs. Another type of threat, which he called "pranking4profit," can trick the user into allowing actions that will cost money. In one case, a hacker advertised a free Web browser for Symbian phones and convinced many users to download code that caused their phones to send thousands of premium SMS (Short Message Service) messages to a hacker's phone. Each one cost the sender US$2 or so, Nguyen said.

Although malware may make headlines, the greatest danger to enterprises with mobile phones is loss or theft of data, the panelists agreed.

Enterprises should protect their employees' mobile phones just as they do any other end point, with the same security policies and requirements as well as security software, with an eye to compliance as well, Nguyen said. Companies should also maintain an inventory of their mobile devices and regularly push out software updates. To protect data, they should use password protection, encryption of data and remote data wipe capability, he said.

They should also disable features not required for business use, he said.

Join the PC World newsletter!

Error: Please check your email address.

Tags mobile applications

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephen Lawson

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?