ATandT Plans Mobile-Security Services for Consumers in 2012 as Threats Rise

Recognizing that mobile threats are looming on the horizon, AT&T will offer wireless-security services to consumers in 2012, according to an AT&T executive.

Cyber-attacks targeting mobile devices are on the rise. However, mobile users are particularly vulnerable as they don't protect their devices because they assume there is very little risk.

To defend against mobile threats, AT&T is planning to roll out wireless-security services for consumers, John Stankey, the head of AT&T's enterprise business division, told Reuters May 16. The company already offers similar security services for its business customers to protect employee cell phones.

AT&T consumers shouldn't expect to see these services before 2012, as Stankey said there's very little demand from consumers for mobile-security products at this time. Stankey didn't provide a lot of details, and wasn't clear whether it would be a paid service.

"When you start asking them what's your willingness to pay for a solution, if they're not a little frightened, their willingness to pay is nothing," Stankey said, just before Reuters Technology Media and Telecommunications Summit in New York City.

The security service would be an easier sell to customers as they become more aware of the threats, according to Stankey. Once consumers are primed to thinking about mobile threats, subscription-based antivirus services will become as relevant to mobile devices as they currently are on desktops and laptops, Stankey predicted.

A 2010 SANS Institute report found only 15 percent of smartphone users currently have an antivirus application on their phones.

Several myths about mobile malware are contributing to consumer complacency, according to Amit Klein, CTO of security firm Trusteer. Klein addressed trends in mobile malware during a keynote at the AusCERT information security conference in Australia on May 17.

Some myths include claims that sandboxes will prevent malware from compromising the device, that malicious applications can't appear on legitimate application markets or that there is no money in creating malicious mobile applications, according to Klein. "All myths will be proven wrong," Klein said.

A recent report from Juniper Networks found that Android malware jumped 400 percent over the past six months. The threats may come in the form of malicious applications stealing user data, phishing attacks and spam sent to premium numbers, the report found.

Android devices aren't the only ones under attack, as iPhones are vulnerable to adware and the Zeus banking Trojan has variants that target BlackBerry, Symbian and Windows Phone 7 phones, according to security experts.

"Hackers always go to where there's a base of people to attack," AT&T's Stankey said.

Even though the volume is increasing, the threat is not actually here yet. Mobile devices are not yet a big enough target for malware writers, but this would likely change in the next 12 months, according to Klein. Stankey predicted a "spike" in 2012.

Klein noted that phone malware has evolved over the years, from high-cost spam messages sent via SMS (Short Message Service) that tricked users into dialing premium-rate international numbers to Trojans that sent users to a phishing site to steal log-in credentials to sensitive sites. The current crop of malware is more sophisticated and can stealthily intercept and delete SMS messages, send email messages and run applications without the user's knowledge. The next group of malware will be even more advanced, with botnet tendencies to control devices, according to Klein.

Criminals are waiting for the "critical mass" to adopt mobile banking, according to Klein. "Once the money is there, they'll be there within, not years this time, but months," Klein said.

The Juniper report said mobile malware currently accounted for less than 1 percent of all malware detected globally.