Thursday, June 30, 2011

Mobiles More Secure Than Desktops?


Symantec just released a whitepaper titled "A Window Into Mobile Device Security" examining the security risks that surround iOS and Android mobile devices in the enterprise market. Some key conclusions:

  • While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.
  • iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.
  • Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.
  • Users of both Android and iOS devices regularly synchronize their devices with 3rd-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise..
  • So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.

As we are entering a world where the smartphone is on the ascent and rapidly replacing the desktop for a number of enterprise and consumer applications, the bad guys will start pointing their guns there as well. Apple was relatively safer vis-a-vis Microsoft-based PCs simply because the cost/benefit for targeting Macs made no sense in the past. Once Apples became more popular, the malware purveyors started targeting Apples as well. Most Man-in-the-Middle attacks target PCs. But a new generation of malware has started to emerge and the mobile variant is often referred to as Man-in-the-Phone (also known as Man-in-the-Mobile or MitMo attacks). Android versions like the Droid Kung Fu started to populate many of the Android application stores, and other applications that "stole" username/password credentials even managed to pass the strict Apple App Store process. Of course, there are also other ways of hijacking mobile platforms, such as exploiting zero day vulnerabilities and browser poisoning.

The very success of smartphones will make it a juicier target for malware authors and hackers, even if they are relatively more secure now, as Symantec argues. Just don't get carried away with a false sense of security: that is precisely the mindset that allows hackers to successfully fire their salvos.

32 comments:

  1. For every business data security is very important. In this hosting, your data stored on safe & secure data server. Cloud hosting will provide secured hosting for your website, so your data & website is safe from unauthorized access or attacks.
    data rooms

    ReplyDelete
  2. When you buy online mobiles, then you are getting a perfect solution to erase your dilemma. You can search for and buy mobile phones that have been launched recently. Every brand of cell phones can be found on the internet. Explore the world of mobile phones online.
    how to track an iphone

    ReplyDelete
  3. When you buy online mobiles, then you are getting a perfect solution to erase your dilemma. You can search for and buy mobile phones that have been launched recently. Every brand of cell phones can be found on the internet. Explore the world of mobile phones online.
    stereodevelopment

    ReplyDelete
  4. I want to thank you for writing this article.This is great Article for me. It also more very informative & awesome.

    ReplyDelete
  5. This is my first time visit here. From the tons of comments on your articles,I guess I am not only one having all the enjoyment right here! Emus4U

    ReplyDelete
  6. Mobile phones are always secure than desktops. But you must take care of it while you lost your phone. You must know how to wipe your data etc. Nonetheless, always check the vulnerabilities found on your mobile phones.
    transmitterreviews

    ReplyDelete
  7. Largest lover messages were made to share it with your and gives honour of the bride and groom. Very sound systems facing unnecessary throngs of people should take into account each of our valuable concept of all presenting, which is one’s trailer. best man toasts ipad device template

    ReplyDelete
  8. Blogs ou should be reading… [...]Here is a Great Blog You Might Find Interesting that we Encourage You[...]…… tablet mockup

    ReplyDelete
  9. I don’t make it a habit to make comments on many articles, but this one deserves attention. I agree with the data you have written so eloquently here. Thank you. apple tablet mockup

    ReplyDelete
  10. There are some fascinating points in time in this article however I don know if I see all of them middle to heart. There may be some validity but I will take hold opinion until I look into it further. Good article , thanks and we want extra! Added to FeedBurner as well macbook png

    ReplyDelete
  11. I appreciate your work , thanks for all the informative blog posts. mobile mockup

    ReplyDelete
  12. Needed to compose you a tiny note to finally thank you very much yet again for your personal splendid methods you have discussed above. It is strangely open-handed with people like you to provide publicly all that a number of people would have marketed as an electronic book to generate some bucks for their own end, primarily now that you could possibly have tried it if you ever wanted. These inspiring ideas likewise acted like a fantastic way to know that the rest have the same dreams really like my personal own to see a whole lot more concerning this problem. I’m sure there are thousands of more enjoyable times in the future for many who check out your blog. android phone template

    ReplyDelete
  13. I want to start a blog written by a fictitious character commenting on politics, current events, news etc..How?. app screenshot

    ReplyDelete
  14. hey there, your site is fantastic. I do thank you for work app store mock up

    ReplyDelete
  15. Thanks for the write up! Also, just a heads up, your RSS feeds aren’t working. Could you take a look at that? imac template

    ReplyDelete
  16. Very interesting subject , regards for putting up. imac mockup png

    ReplyDelete
  17. When I originally commented I clicked the -Notify me when new comments are added- checkbox and now each time a comment is added I get four emails with the same comment. Is there any way you can remove me from that service? Thanks! imac template

    ReplyDelete
  18. I am curious to find out what blog system you’re using? I’m experiencing some small security problems with my latest blog and I’d like to find something more safeguarded. Do you have any recommendations? apple watch mockup psd

    ReplyDelete
  19. I really like your writing style, good information, appreciate it for posting : D. apple watch psd

    ReplyDelete
  20. An impressive share, I just given this onto a colleague who was doing a little evaluation on this. And he in reality bought me breakfast as a result of I found it for him.. smile. So let me reword that: Thnx for the treat! But yeah Thnkx for spending the time to discuss this, I really feel strongly about it and love studying extra on this topic. If potential, as you develop into expertise, would you mind updating your weblog with extra particulars? It’s extremely useful for me. Huge thumb up for this weblog submit! apple watch mockup

    ReplyDelete
  21. Exceptional entry! I found it very interesting. I'll check back later to see if more posts are added. apple watch mockup

    ReplyDelete
  22. Very educating story, saved your site for hopes to read more! apple watch sketch

    ReplyDelete
  23. Very informative and great complex body part of articles , now that’s user pleasant (:. app development companies

    ReplyDelete
  24. There are some fascinating points in time in this article but I don’t know if I see all of them heart to heart. There may be some validity but I’ll take hold opinion till I look into it further. Good article , thanks and we would like more! Added to FeedBurner as properly top app development companies

    ReplyDelete
  25. It is very interesting topic you’ve written here..The truth I’m not related to this, but I think is a good opportunity to learn more about, And as well talk about a different topic to which I used to talk with others web design agency

    ReplyDelete
  26. bless you with regard to the particular blog post ive really been searching regarding this kind of information on the web for sum time right now as a result cheers ui/ux design agency

    ReplyDelete
  27. I’m agitated all these article directories. It sure would be nice to have every article directory that instantly accepts articles. front end service

    ReplyDelete
  28. As far as me being a member here, I wasn’t aware that I was a member for any days, actually. When the article was published I received a notification, so that I could participate in the discussion of the post, That would explain me stumbuling upon this post. But we’re certainly all members in the world of ideas. frontend services

    ReplyDelete
  29. Fantastic goods from you, man. I’ve understand your stuff previous to and you are just too fantastic. I actually like what you have acquired here, certainly like what you are saying and the way in which you say it. You make it entertaining and you still care for to keep it wise. I can’t wait to read far more from you. This is really a terrific site. web development firms

    ReplyDelete
  30. Why didnt I think about this? I hear exactly what youre saying and Im so happy that I came across your blog. You really know what youre talking about, and you made me feel like I should learn more about this. Thanks for this; Im officially a huge fan of your blog best logo designers

    ReplyDelete
  31. I like this post, enjoyed this one appreciate it for putting up. logo design firms

    ReplyDelete