Holy crap, do I not agree with this article in the least. The general consensus form the article is that, because we can count the number of actual mobile malware infections on one hand, we should take a lackadaisical attitude towards it because: The phones are typically more “closed,” making it more difficult to exploit (cough, bullsh1t, cough), the only way of infiltrating is through an app store (oh sure, every line of code is examined, even through “third party” stores), and Windows is still dominant, versus a plethora of smartphone software and OS versions (I call bull$hit here too – just think about the times you’ve tried to exploit a box but it was the wrong service pack, language, or point version of an application). Instead, how about chilling out about it, how about we make the industry BETTER around smartphone security before we end up with a sh1tstorm of activity.
Further, this article demonstrates a dangerous misunderstanding of a number of core security concepts, not to mention missing the point of what a security conference is about.
First, with the security concepts. The reason the bad guys have not gotten to the mobile platforms en-mass is because the money is not there . . . yet. Please, do a simple good search on mobile banking apps for iPhone and Android. You will see there is a big push to move towards these platforms. As people move the management of their daily lives more and more from the PC to their phones you will see the crime follow.
This brings me to the next point. The purpose of a security conference is to discuss future trends and to sound the alarm before the boat hits the iceberg.
We need to start to focus on this issue now. First, your data is moving this way. Secondly, there are very few security features built into these devices. Finally, there is little in the way of monitoring and management for these devices in a large-scale environment.
I really do not think I would like to be behind an article that says, “…[I felt] a lot more relaxed about the security of my smartphone….” Really?
Wow. It looks like this panel failed.


Brought to you by: haxorthematrix and strandjs
Originally discussed during episode 231

About the author