RealTime IT News

Mobile Device Threats on The Way

The lack of a catastrophic malware attack or data theft on mobile devices doesn't mean today's tools are safe. In fact, it's likely just the calm before the storm, experts say.

That's not a comforting thought to industry-watchers, considering how widespread mobile platforms have become among consumers and businesses. Worldwide mobile phone sales topped 1.15 billion last year, according to research firm IDC, while Gartner analysts have reported that smartphones are expected to outsell laptops this year.

IDC also forecasts an estimated 304 million smartphones in use by 2011 -- trends that some say may be lulling IT buyers and the public into false sense of security.

"The platforms offer limited or no inherent security features or security features tailored to a specific activity, such as e-mail, even though they are evolving into general-purpose mobile computing platforms," Mark Komisky, CEO of security vendor Bluefire, told InternetNews.com.

Two years ago, security firm F-Secure detected a worm that could move from a Symbian phone to a PC. The start of 2008 brought another Symbian phone threat: a worm that disguised itself as multimedia file (MMS) to deceive users into unknowingly installing its malicious software.

That virus, detected by security vendor Fortinet and labeled SymbOS/Beselo.A!worm, targeted several models of Symbian S60-enabled Nokia devices.

[cob:Pull_Quote]As one security expert noted, those types of attacks could be merely the beginning, as hackers and malcontents turn their attention to the growing number of mobile devices in the wild -- many now housing personal and corporate data.

"As smartphones and other pocket PCs grow in popularity, hackers and cyber-criminals will naturally shift their attention to compromising them," said Khoi Nguyen, group product manager in Symantec's Mobile Security unit. "This becomes a problem when mobile device users access and store sensitive, confidential information on their phones."

IT lax on smartphone security

Perhaps more disconcertingly, most businesses thus far have failed to think seriously about mobile device security -- a fact that's becoming a major liability, analysts said.

"These devices are increasingly storing financial and confidential information," Many consumers are also using their smartphones for e-mail, mobile banking, and file downloads," said Symantec's Nguyen. "Cyber-criminals go where the money is. In the past, hackers were motivated by fame, trying to be noticed for their malware. As a result, these criminals continually look for ways to exploit weaknesses for financial gain."

Industry observers said that few organizations track device use or network access, and rarely do IT staffs have even a process in place for contending with that most underappreciated of security threats: when devices go missing.

"The issue isn't about viruses hopping around, as a device is a confined, low-risk environment," Jack Gold, principal analyst at J.Gold Associates, told InternetNews.com. "The bigger issue is the loss or theft of data and the exposure that presents to companies. Very few have a grip on protecting the increasing amounts of data being housed on mobile devices."