Bonus $100
Promo Codes 2024
Users' Choice
90
89
88
85

2011: the year of mobile insecurity

17 Feb 2011
00:00
Read More

If there's one thing certain in life besides death and taxes, it's probably New Year's predictions from analysts speculating on what the big issues and trends for telecoms will be in the next 12 months. And of course, magazine editors are no different. So here's my personal contribution to the crystal-ball meme: mobile security.

Which may sound obvious - a number of security experts have already pegged 2011 as a boom year for mobile spyware, malware, viruses and other threats as smartphones become more and more popular. But in fact, mobile security will be far bigger than that.

Certainly smartphone security is going to be a problem, but not just because the threats are growing. It's also a question of how secure mobile OS platforms are to start with, and the answer is: not as much as they should be, according to the Electronic Frontier Foundation.

Naturally no OS platform is bug-proof or invulnerable, but PC and server OS platforms have compensated by becoming very good at reasonably open disclosure of security bugs and fast distribution of patches to fix them. Mobile OS vendors, by comparison, are way behind the times, says the EFF's Chris Palmer.

Apple, for example, has been known to release patches for bugs several months old. And Google routinely releases Android patches without announcing them, and with the security fixed unmarked among the other fixes and enhancements included in the release.

Complicating things for Android is fragmentation, as OEMs and cellcos tend to tweak Android to add unique features and sometimes remove standard ones, which creates more vulnerability risks, says Palmer (who briefly worked at Google on Android framework security, according to his bio). And while third-party patches may not be illegal under laws like the Digital Millennium Copyright Act, they will almost certainly void your warranty. The EFF is advocating third-party patches as a market-pressure tactic to get OS vendors to up their own security game.

.

Related content

Rating: 5