In years past there’s been a lot written and said about the rise of mobile malware, but over the years there’s been a stunningly low number of actual attacks on wireless handheld devices compared to the level of dire prognostication.
The main reason why the predicted attacks never truly materialized was based on a number of reasons, including the sheer number of different devices and operating systems being used by people, and more importantly that the applications certification standards enforced by major device makers and carriers worked very effectively.
Unlike the Wild West atmosphere of the Web where users were free to stumble their way onto any sort of threat just waiting out their to pwn their Windows machines, mobile users were almost entirely insulated from malware campaigns as the amount of work needed to create such attacks, actually get them in front of end users and then make money from them was comparatively unattractive compared to say, using a widely available toolkit to create online Trojan programs.
Essentially you’d have to fool a lot of legitimate people with every incentive to keep you off of their devices and networks rather than simply setting up a Web site and buying some search terms. As a result there’s never been a lot of threats for mobile users to worry about — especially if they didn’t own an early Symbian smartphone.
However, with the rise of newer smartphone platforms fostering increasingly open applications ecosystems that more closely mirror the world of traditional desktop computers, the long-feared rise of waves of mobile attacks is already becoming a reality. For instance, earlier this month researchers discovered a malicious application made available to users of the fairly new Google Android phone.
This shift will force handheld users to be far more selective about which programs they choose to run on their devices, experts including ESET’s Randy Abrams have observed.
“It looks like 2010 is going to be a pivotal year for mobile malware. We may not see a lot of it, but we are seeing a robust infrastructure reaching enough maturity to support wide scale attacks,” Abrams said in a recent blog post. “A stock Android will probably be relatively safe, but the applications you can choose to put on it may make it very unsafe.”
At the same time, iPhone and BlackBerry users will likely be far less prone to attack based on the fact the Apple and RIM remain completely unwilling to allow unapproved applications on their devices. Unless of course you’ve chosen to jailbreak the machines, in which case you’re open to anything you choose to download.
In terms of practicing wise applications selection, Abrams recommends that people allow others to be early adopters of new tools to ensure they are safe, and to be very careful where they choose to download any content from based on opportunities for mobile Trojans.
Sounds just like the world of PCs. And we all know how that one played out…
Follow eWeek Security Watch on Twitter at: eWeekSecWatch.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.