Mobile devices and applications are the next logical place to go for the next generation of destructive activity, says Howard Schmidt, president and CEO of R&H Security Consulting.
Schmidt, who is a former White House cyber security advisor, delivered the opening keynote address at ITWeb Security Summit 2008 this morning, in Midrand.
"As we become more dependent on our mobile devices, we'll become more vulnerable to attacks. A new generation of mobile applications, that are easy to use and financially viable, are being developed, but who is looking after the security of these applications? Who is developing anti-virus software and encryption? Not many people are doing it," warned Schmidt.
Johnny Cache, hacker for hire, agrees with Schmidt. "Mobile devices are running real operating systems; therefore, they must be treated like computers and have comparable security."
In his keynote, Cache said years ago anti-virus vendors were trying to hype mobile security, claiming these devices were like computers. "This wasn't true then, they had their own little operating systems and only ran voice. However, technology has been progressing at such a speed, the hardware in your pocket is the same as the hardware on your desk, the specs are the same."
The hardware on mobile devices is so advanced it has turned them into real computers. According to Cache, this makes them an attractive target. The 400MHz processors on phones are comparable to laptops of only a couple of years ago. The huge investment of time has been removed, as there is a whole industry of standardised operating systems, and code that attacks them all. This is what is making mobile devices attractive targets today.
Banking on security
Barclays deputy head of group information risk management Mark Logsdon said as financial institutions are increasingly operating from a mobile platform, new security issues are raising their heads.
"New vulnerabilities are arising with mobile banking, driving new solutions and challenges all the time."
Schmidt said the traditional virus companies are obviously best positioned to tackle mobile security, but commercially they are still ahead of the curve - there is still not enough user demand for them to focus on it. New players may emerge to fill the gap. In the meantime, security professionals should use their experience to do preventative work, he noted.
"You [IT security professionals] can help prevent the next generation of bad criminal activity from happening on the mobile platform. We've got enough experience to be able to prevent attacks and do some preventative work not to allow the destructive attacks on mobile applications."
He commented that significant progress had been achieved in protecting fixed infrastructure networks, and that experience should be used in pre-empting mobile vulnerabilities. In August, it will be five years since the last major Internet outage, like the Nimda virus attack that caused a massive ripple effect across the Internet.
"We've been doing a pretty good job," he noted.
Schmidt likened a security infrastructure to the Taj Mahal, which is made up of tiny individual tiles - each is different, but each plays a role in making up the whole structure. "I'm asking you as an individual to be part of that mosaic - to do your part to make your environment more secure, robust, richer, more resilient and more secure."
Share