Smartphone Security Threats Overdramatized, Experts Say
You hear lots of hype regarding threats to your iPhone or BlackBerry, but mobile malware rarely appears in the real world. Mobile security experts explain why -- and share advice on staying safe while avoiding security FUD.
Tue, February 22, 2011
CIO — I was sitting in the middle of one of the most security conscious crowds you'd ever come across—about 200 computer security professionals listening to a high-powered panel on mobile security threats at the RSA Conference in San Francisco last week.
And you'd think that after nearly 90 minutes of discussion, I'd leave the room all a twitter (pardon the pun) and scared that my iPhone was about to go rogue. Not at all. In fact, I left feeling a lot more relaxed about the security of my smartphone, and a little more skeptical about the barrage of hacker warnings to which we've all been subjected.
"I can count on one hand the pieces of (mobile) malware I've seen installed," said Ian Robertson, manger of security research for Research in Motion, the developers of the ubiquitous Blackberry.
Richardson wasn't the panel's maverick. All four agreed that mobile threats are potentially serious, but are still rarely seen in the real world. Indeed, one of the panelists asked the audience how many people had seen a mobile attack or been victimized themselves—and there was almost no response from a roomful of security experts.
"Day-to-day mobile threats haven't (yet) caused much harm," said panelist Ed Amoroso, the chief security officer of AT&T.
BlackBerry Nightmare Scenario Still Fiction
At an earlier panel devoted to Blackberry security, Adam Meyers, director of cyber security for SRA International, warned about insecure mobile devices, but then poured a bit of cooling water on the "FUD" (fear, uncertainty and doubt) surrounding the popular business device. The truth, he said, is that remote exploitation of the Blackberry is theoretically possible, but he has yet to see a real world version of the "nightmare scenario" in which a hacker compromises a Blackberry and uses that as a way into the network.
I want to be careful not to give the impression that there is no security threat to you as a user of wireless. There is. The panelists I heard all predicted that threats and exploits will emerge over the next few years. But the takeaway from my visit to RSA is this: be careful, but it's not nearly as dangerous out there as you might think. Not yet.
Why so much hype about the threats? No doubt about it; the wired world of the desktop has indeed been barraged with malware of various sorts, so we've been primed to suspect digital security and privacy breaches. Meanwhile, the use of wireless devices is increasing exponentially, and more and more sensitive data is being stored and transmitted on those devices. So it makes sense to believe that hackers, many of whom are now part of profit-making criminal enterprises, will begin to focus on mobile users, said Richardson.