Thursday, June 30, 2011

Mobiles More Secure Than Desktops?


Symantec just released a whitepaper titled "A Window Into Mobile Device Security" examining the security risks that surround iOS and Android mobile devices in the enterprise market. Some key conclusions:

  • While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.
  • iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.
  • Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.
  • Users of both Android and iOS devices regularly synchronize their devices with 3rd-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise..
  • So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.

As we are entering a world where the smartphone is on the ascent and rapidly replacing the desktop for a number of enterprise and consumer applications, the bad guys will start pointing their guns there as well. Apple was relatively safer vis-a-vis Microsoft-based PCs simply because the cost/benefit for targeting Macs made no sense in the past. Once Apples became more popular, the malware purveyors started targeting Apples as well. Most Man-in-the-Middle attacks target PCs. But a new generation of malware has started to emerge and the mobile variant is often referred to as Man-in-the-Phone (also known as Man-in-the-Mobile or MitMo attacks). Android versions like the Droid Kung Fu started to populate many of the Android application stores, and other applications that "stole" username/password credentials even managed to pass the strict Apple App Store process. Of course, there are also other ways of hijacking mobile platforms, such as exploiting zero day vulnerabilities and browser poisoning.

The very success of smartphones will make it a juicier target for malware authors and hackers, even if they are relatively more secure now, as Symantec argues. Just don't get carried away with a false sense of security: that is precisely the mindset that allows hackers to successfully fire their salvos.

13 comments:

  1. For every business data security is very important. In this hosting, your data stored on safe & secure data server. Cloud hosting will provide secured hosting for your website, so your data & website is safe from unauthorized access or attacks.
    data rooms

    ReplyDelete
  2. When you buy online mobiles, then you are getting a perfect solution to erase your dilemma. You can search for and buy mobile phones that have been launched recently. Every brand of cell phones can be found on the internet. Explore the world of mobile phones online.
    how to track an iphone

    ReplyDelete
  3. When you buy online mobiles, then you are getting a perfect solution to erase your dilemma. You can search for and buy mobile phones that have been launched recently. Every brand of cell phones can be found on the internet. Explore the world of mobile phones online.
    stereodevelopment

    ReplyDelete
  4. I want to thank you for writing this article.This is great Article for me. It also more very informative & awesome.

    ReplyDelete
  5. This is my first time visit here. From the tons of comments on your articles,I guess I am not only one having all the enjoyment right here! Emus4U

    ReplyDelete
  6. Mobile phones are always secure than desktops. But you must take care of it while you lost your phone. You must know how to wipe your data etc. Nonetheless, always check the vulnerabilities found on your mobile phones.
    transmitterreviews

    ReplyDelete
  7. Largest lover messages were made to share it with your and gives honour of the bride and groom. Very sound systems facing unnecessary throngs of people should take into account each of our valuable concept of all presenting, which is one’s trailer. best man toasts ipad device template

    ReplyDelete
  8. Blogs ou should be reading… [...]Here is a Great Blog You Might Find Interesting that we Encourage You[...]…… tablet mockup

    ReplyDelete
  9. I don’t make it a habit to make comments on many articles, but this one deserves attention. I agree with the data you have written so eloquently here. Thank you. apple tablet mockup

    ReplyDelete
  10. There are some fascinating points in time in this article however I don know if I see all of them middle to heart. There may be some validity but I will take hold opinion until I look into it further. Good article , thanks and we want extra! Added to FeedBurner as well macbook png

    ReplyDelete
  11. I appreciate your work , thanks for all the informative blog posts. mobile mockup

    ReplyDelete
  12. Needed to compose you a tiny note to finally thank you very much yet again for your personal splendid methods you have discussed above. It is strangely open-handed with people like you to provide publicly all that a number of people would have marketed as an electronic book to generate some bucks for their own end, primarily now that you could possibly have tried it if you ever wanted. These inspiring ideas likewise acted like a fantastic way to know that the rest have the same dreams really like my personal own to see a whole lot more concerning this problem. I’m sure there are thousands of more enjoyable times in the future for many who check out your blog. android phone template

    ReplyDelete