[LINK] Smart Phones the Primary Platform

Roger Clarke Roger.Clarke at xamax.com.au
Thu Dec 15 21:57:21 AEDT 2011 

[It'a always nice to have been marginally ahead of the guru
[ http://www.rogerclarke.com/II/ConsDevSecy.html (2007)
[ http://www.rogerclarke.com/EC/MP-RAF.html (2008)


                       Malware on Smart Phones
           http://www.schneier.com/crypto-gram-1112.html#2

Two articles of note here.  The first is about the prevalence of malware
on Android phones.  I'm not surprised by this at all.  The Android
platform is where the malware action is.  I believe that smart phones
are going to become the primary platform of attack for cybercriminals in
the coming years.  As the phones become more integrated into people's
lives -- smart phone banking, electronic wallets -- they're simply going
to become the most valuable device for criminals to go after.  And I
don't believe the iPhone will be more secure because of Apple's rigid
policies for the app store.

The second article is a good debunking of the first article.  The author
is right.  Malware on portable devices isn't going to look or act the
same way as malware on traditional computers. It isn't going to spread
from phone to phone.  I'm more worried about Trojans, either on
legitimate or illegitimate apps, malware embedded in webpages, fake
updates, and so on.  A lot of this will involve social engineering the
user, but I don't see that as much of a problem.

But I do see mobile devices as the new target of choice.  And I worry
much more about privacy violations.  Your phone knows your location.
Your phone knows who you talk to and -- with a recorder -- what you say.
   And when your phone becomes your digital wallet, your phone is going
to know a lot more intimate things about you.  All of this will be
useful to both criminals and marketers, and we're going to see all sorts
of illegal and quasi-legal ways both of those groups will go after that
information.

And securing those devices is going to be hard, because we don't have
the same low-level access to these devices we have with computers.

Anti-virus companies are using FUD to sell their products, but there are
real risks here.  And the time to start figuring out how to solve them
is now.

http://globalthreatcenter.com/?p=2492
http://www.informationweek.com/news/security/mobile/231903411


-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list