Smartphone use is on the rise, not just with consumers but with companies as well. They're becoming more and more like mini-computers. According to an August 2010 ABI Research report, more than 60 percent of handsets will have mobile browsers in them by 2015.
But that added functionality and ubiquity could make them prime targets for cyber-attackers in the future, if not today. Smartphones could become even more attractive to cyber-criminals because users might not focus on securing them as much as they do for traditional hardware.
Ron Meyran, director of security products at Radware, an application delivery and security company, believes there are three reasons why smartphone security often is neglected.
"I think today the threat is unawareness. The second thing is the fact that nobody treats the smartphone as a real computing platform but more as a gadget," he said. "The third is the fact that today, IT security managers are overwhelmed with the workload that they have, especially in the past two years. During the recession, they had been cutting budgets and the human factor -- they had to lay off people."
With less money and less manpower, IT security professionals in the private sector and government have to secure not only laptops and desktops, but also a slew of additional mobile devices. Meyran said not enough IT shops are doing both.
"The mobile device today has an operating system, communications stack, applications -- everything -- which makes it vulnerable just like any PC," he said. "Today we don't see many tools to protect smartphones."
Radware issued a statement in early August listing three threats to the unprepared:
- Handsets that can send and receive data are vulnerable to battery drain attacks, where they're sent packets of data that prevent them from going into sleep mode -- draining the battery faster than it would deplete otherwise.
- Malware can infect a handset and jump from there to the corporate or government network and bypass security measures.
- Botnets can target handsets as well and allow criminals to control the devices remotely in order to send spam and launch further network attacks.
Meyran said that Radware has been informed of these kinds of attacks from its customers -- server providers who manage the mobile networks -- who get complaints from their users experiencing problems with their phones. Many Radware customers are cellular providers or e-commerce business. Unhappy customers are bad for business.
"They simply want to maintain their service," Meyran said.