Mobiles to come under attack from 'bad guys'

SDKs to blame?

By Tim Ferguson, 24 April 2008 16:00

NEWS

Mobile devices are going to become the next big target for cyber criminals who will be helped by the greater availability of tools to develop software for them.

Speaking to silicon.com at Infosec 2008 in London, former advisor to the White House on cyber security, Howard Schmidt, said: "[Mobile is] going to become a rich target area for the bad guys."

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Wielding both an iPhone and BlackBerry, Schmidt said the sheer ubiquity of mobile devices and their greater connectivity to the internet means they are the next logical focus area.

He said the availability of software development kits (SDKs) for mobile devices -like the one launched by Apple for the iPhone - increases the possibility of malicious code being designed specifically for mobiles.

He explained: "As SDKs became more available for PCs people wrote malware, viruses, worms and applications that looked like legitimate things but in reality were stealing data. So it's not unreasonable to suspect that that's going to be the next attack vector, particularly as we depend more and more on mobile devices."

Schmidt also stressed the current security threat around applications in general.

He said: "I think that the fact that businesses depend on applications to make them successful, but they're also the biggest weaknesses because of the vulnerabilities that we have in applications. And that's what we've seen the bad guys shifting towards, moving away from network-based attacks.

"You have all of this active content, you have the ability instead of just looking at things you're now changing things and adding things and oftentimes these are great technologies and resources but they're not designed with security in mind."

Schmidt also reaffirmed his backing of a central UK e-crime police unit which silicon.com has been campaigning for.

He said: "If you have a centrally, high located organisation looking after these sort of issues, you're not competing for resources, you're very focused."

He added such an organisation would raise the level of expertise, provide a better view of what's going and ultimately benefit society.

Comments

There are 3 comments. Join the discussion

  1. 1. iPhone user

    Doesn't this just validate Apple's decision to distribute applications via a central app store as opposed to the grab-it-from-anywhere model that the Android crowd are likely to want?

  2. 2. Karen Challinor

    iPhone User - "Doesn't this just validate Apple's decision to distribute applications via a central app store as opposed to the grab-it-from-anywhere model that the Android crowd are likely to want?"

    so, just for the sake of argument consider the following hypothetical situation

    you buy a new computer with, for example, a Microsoft operating system (yes I know you are an apple guy but this is hypothetical), and then you find that you are forced to purchase any software you want to run on this machine from Microsoft as no other software will work

    ok the software you purchase would not be from "bad guys" ... well we hope it isn't, but would you be happy with that situation, would you accept it and hand over your dosh or would you start muttering about antitrust suits and monopolies and how if you had bought a different machine you might not have this situation ?

    purely hypothetically of course

  3. 3. iPhone user

    Karen Challinor.....

    No let's deal in absolutes.

    1. I can 'purchase' all my apps from a central store that filters out all the dross. Such an app will have a high guarantee of working on my device. The developer will have to split the proceeds of the sale with Apple 70/30 but NOT have to pay for storage or data transfer. The license to develop will cost $100 approx. Apple do NOT state how much the developer has to charge - free is also OK

    2. I have a cracked iPhone and will get my apps from any other source. I will need to make sure I vet such apps.

    3. I don't have/want/need/can't afford an iPhone. I'll stick with my current device/buy an iPhone Killer. I will also buy my apps wherever I please and need to make sure I vet such apps.

    4. I don't use a phone.

    Note:

    In cases 2 & 3, I don't need to worry because the 'central UK e-crime police unit' is looking out for me. In fact I'm sure they will come to my rescue and adequately reimburse me for any inconvenience or distress caused to me out of the Special Mobile Victims Fund.

    Now, repeat after me:

    I am a consenting adult in charge of all my faculties. I will choose a mobile device and applications in the manner that suits me.

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ