Mobile Security at RSA: Not Just a User Problem

The big thing, as expected, at RSA this year was mobile security. With consumer devices such as smartphones (>600Mu) and tablets (>100Mu) entering the mainstream workplace it is natural that mobile security should be the number one security concern.  The biggest threat to mobile security is the proliferation of mobile malware – specifically Android malware which is growing at an alarming rate and threatening the entire enterprise ecosystem. 


I attended a couple talks on mobile malware. Disappointingly, there was nothing new being said about the malware issue. Missing from these talks was information or indication of any advanced research being done by threat security researchers in either academia or industry to address this problem.


The main message was that tried and true techniques from the PC world such as phishing attacks, spams and drive by downloads are now resurfacing in the mobile world.  According to a panel of experts on the “50 Minutes Into the Future: Tomorrow’s Malware Threats”, mobile malware writers have no incentive to reinvent or elevate the attack surface from software to hardware as there is still a lot of low hanging vulnerabilities present in software that can be exploited. Overall, the future of mobile malware exploits looks the same as present day mobile malware exploits, just more pervasive.   


An interesting note made by this panel however, was that while malware writers are quickly drawing on their experience from the PC world to rapidly bear on the mobile market the mobile industry has been slow in reacting to combat this threat.  The burden of this response is being put on the end user to educate themselves to thwart these attacks. This cannot be sufficient. 


While end user education on mobile security is imperative, it is hard to imagine the mobile industry not having to gear up a rapid response to combat this threat.  The stakes posed by malware, are high for the mobile industry as the number of sensitive and monetary transactions conducted using mobile devices continue to rise. This represent a great opportunity for the whole mobile ecosystem to work together, from devices leveraging hardware based security mechanisms, to OS’s using better memory protection and sandboxing techniques, to more controlled marketplaces and the development of state of the art malware detection tools to effectively fight this battle.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.