The Mobile Software Security Boom of 2011

By Stephanie Taylor Christensen Smartphones and mobile tablet devices have taken the world by storm, with Nielsen estimating that by the end of 2011, one in two Americans will have a smartphone, leading them to dominate the mobile phone market in the United States. We can now chat, check email, deposit checks, have live video chats, and download an app for just about anything -- from a dog whistle to a better keyboard. Unfortunately, as smartphones are poised to overtake the mobile world, so are the security concerns they raise, as many experts warn that 2011 might be the year mobile malware explodes on the scene. In its 2011 Threat Predictions report, McAfee Labs identified some of the most popular platforms to become major targets for cyber criminals: Google's (GOOG) Android, Apple's (AAPL) iPhone, foursquare, Google TV, and the Mac OS X platform. Khoi Nguyen, group product manager for the Mobile Security Group at Symantec, explained the new appeal:

(To read Lloyd Khaner's 14 worries facing investors right now, click here.)

Aside from a lack of feature-rich devices, a major barrier to creating successful mobile threats has always been the lack of a clear market leader, resulting in an attacker having to create multiple attacks, one for each platform, in order to develop a high success rate. However, as devices grow more sophisticated and as just a handful of mobile platforms corner the market, it is inevitable that attackers will key in on mobile devices.

And just as you no longer need the help of a computer genius to write your own app, the same is true of cyber criminal activity. According to H. Peter Felgentreff, CEO of NCP engineering, “The architects behind some recent attacks have been hobbyists, who in a few hours could penetrate corporate security defenses." SecurityNewsDaily recently reported that two researchers on cyber security demonstrated the ease of hacking into mobile security software by “developing a program that can eavesdrop and steal text messages from any phone on a GSM network -- all in about 20 seconds.”

(To see Steve Smith's Google earnings play, click here.)

But smartphone providers offer plenty of mobile device security options, some at no cost. So, what's the problem? According to Chris Perret, founder of Nukona, a mobile security software provider, the emergence of smartphones and tablet devices has generated a paradigm shift in mobile security needs that most current solutions aren't equipped to address. “Most mobile security today migrated from management of mobile devices from the past 10 years, in which there was complete control at the operating system level. The approach was securing call monitoring, email, and calendaring. But, with the rise of open systems a smartphone is no longer a phone. It's a computer,” said Perret And, thanks to hundreds of thousands of apps out there, mobile security demands have evolved. “Current mobile security software makes the device secure. We need to focus on securing the information that the app accesses,” Perret explained.

(To view Justin Rohrlich's article on the mouse that could save Steve Jobs, click here.)

The problem escalates further now that mobile devices are commonly used for personal and business needs. Corporations can attempt to secure the devices by ensuring a VPN connection, limiting device-use and the apps that a corporate-sponsored mobile device can run, but that approach may not be enough. When employees carry a personal mobile device in their pocket or purse inside the corporate building, multiple access modes and connectivity models result in additional risk exposure that is not yet fully understood. As Perret put it, the new age of mobile devices has led to people essentially “carrying the Internet around in their pocket.” This paradigm shift in mobile devices may just be the dawning of a new era for breakout technology companies that can bring new vision to mobile software solutions, recognizing that they are really working with a new compute platform -- not a mobile device. Many experts expect new security solutions to be released in the second quarter, from companies like Nukona. But early mobile security options are already beginning to trickle in. On January 7, Trend Micro released a 30-day trial version of its new security software designed for Android users. In addition to the staple features like protecting unwanted calls and personal data in the case of theft, it secures mobile banking data, protects data sent by SMS and MMS, and prevents you from downloading malicious apps.

To read the rest, head over to Minyanville.