The Case For Smartphone Security

Peter Harrison, CTO of mobile security specialist UMU, discusses the growing need to take Smartphone security seriously

Peter HarrisonUMU
No one would invest hundreds of pounds in security locks, deadbolts and alarms for the front door of their house, only to leave the back door wide open and unguarded. Yet this is an error many consumers make when dealing with their Smartphones.
While PCs and laptops are now protected by advanced firewalls and virus scanners, many consumers are unaware of the dangers to exactly the same data on their Smartphones. Worse still, there are few comprehensive security programs available for the platform and, because we carry our Smartphones with us at all times, these devices are more exposed to physical theft and misuse.
Five years ago, Smartphones could be easily dismissed as the preserve of business people and technophiles, but they are now increasingly popular with mainstream consumers. According to Gartner, Smartphone sales rose by 16% in 2008. This growth is being driven by a new breed of handsets, which are decidedly more consumer-friendly than those of old, with features like cameras, touch-screens and easy-to-use operating systems.

Dumb mobiles
While Smartphone users have quickly become accustomed to accessing the Internet, email and multimedia content through their phone, many still regard their Smartphones in the same way that they looked at dumb mobiles or even landlines. This is something that must end, given that Smartphones can contain sensitive data like passwords, browsing histories, multimedia content and emails, as well as increasingly being used to access secure services such as corporate networks and online banking. While it is not always possible to stop a thief from stealing a handset, it is certainly possible to stop them from making calls and accessing any sensitive information it contains.
Aside from physical theft, Smartphones are increasingly vulnerable to malicious software and data theft. While mobile malware infections are still rare compared to desktop systems, with only around 500 identified so far, they can cause problems like file wipes, hard resets or unintended toll charges. And unfortunately, the barriers that previously restrained malware attacks on Smartphones are falling.
The varied, device-specific operating systems of Smartphones used to discourage malware writers, since they would require a great deal of effort to hack and would bring little reward. The move to Windows-compatible operating systems (or OS X on the iPhone) has changed this. Additionally, the increasing number of handsets means there will soon be a large and sufficiently lucrative market to attract the interest of malware writers, be they hackers, thieves or software developers angry at being made redundant. Faster 3G connections, Bluetooth and wi-fi are also making over-the-air malware propagation more common, while Smartphone access to email and the Internet exposes users to the traditional routes for malware infection.

Security software

Consumers must learn that as their use of mobile phones becomes more sophisticated, so the need to protect themselves with security software becomes more critical. Unfortunately, in the same way that it took a highly publicised virus to raise awareness amongst PC users of the need for anti-virus and firewall software, Smartphone users will likely remain unprotected until we face a serious threat. Nevertheless, malware such as the Yxe and Pmcryptic worms, as well as the Konov Trojan, have shown how easily they can spread across networks. Indeed, Yxe is even Symbian signed and so can be installed on 3rd edition devices.
The industry not only needs to act fast to combat the current threats to Smartphones users, they must also work now to head off future problems. For example, the rise of technologies like mobile NFC (Near Field Communication) contactless payments, which will allow mobile devices to incorporate the full functionality of credit and debit cards, will make hacked handsets far more lucrative for criminals. Some operators are already providing email and SMS filtering for mobile devices, regardless of their operating system. However, since malware can still spread using mechanisms such as Bluetooth, wi-fi and memory cards, operator filtering should not lull consumers into a false sense of security.
Meanwhile, however, it is imperative that consumers wake up to the risks their Smartphones face,  because, as we come to rely more heavily on our mobile devices and services like mobile banking become more common, the risks will continue to grow.