Your smartphone: The next big security headache

2011 is the year that mobile security is going mainstream

2011 is the year that mobile security is going mainstream. Here at 2011 RSA Conference in San Francisco many of the security software companies I've spoken to have either released--or are planning to release a mobile security app of some sort.

And while smartphones aren't a major malware target in the United States yet, there are reasons to be concerned about the future of mobile security.

One of Android strengths is its openness. Just about anyone can write an app and distribute it without having to go through a sometimes lengthy review process. But as is the case on the PC, this sort of openness makes it possible for malware writers to infiltrate the smartphone. Security companies seem to think Android is the next big malware target, thanks to this openness, and the fact that it runs on so many devices.

Some of the vendors I spoke to also seemed concerned that the paranoia that users often carry when it comes to downloading and installing software on a PC might not carry over to when they use smartphones, even though the threats are there.

Mobile malware is already a problem in parts of the world. This past week, mobile security software company Lookout Mobile found a Trojan circulating via re-packaged versions of Android apps and being distributed on alternative app markets in China.

Raimund Genes, the Chief Technology Officer for Trend Micro, notes that mobile malware authors are creating their own app stores to distribute malware in China. He predicts that we in the United States see more proofs-of-concept mobile malware this year, and that it'll become a serious problem in 2012.

Smartphones carry additional information that you may not keep on your PC, like your contacts' phone numbers, photos you've taken with your smartphone, and so on. And, unlike a PC, a smartphone can be easily lost: You likely will remember to take your laptop with you if you get up and leave the Starbucks you're browsing the Web at, but it's much easier to leave behind a smartphone.

In fact, Patrick Kennedy, the Senior Director of Product Marketing with Webroot, sees this as the bigger threat toward smartphones right now. And not surprisingly, many of the smartphone security apps we've seen so far put a big emphasis on securing your personal data if your smartphone gets lost or stolen.

Smartphone malware is in its infancy, and it's hard to say what will happen next, but all indications point toward some serious problems in the not-too-distant future. In the meantime, keep your guard up, stay vigilant, and think before you install that next app.

Join the CSO newsletter!

Error: Please check your email address.

Tags mobile phonessecuritysmartphonesLookout Mobile

More about RSAStarbucksTrend Micro AustraliaWebroot

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nick Mediati

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts