Mobile Threats Are Increasing But Are Still Nothing Compared To PC Crime - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Devices
12:37 PM
Connect Directly

Mobile Threats Are Increasing But Are Still Nothing Compared To PC Crime

The latest Symantec Internet Security Threat Report describes a dangerous world where threats involving mobile computing, such as identity theft and malware, are increasing, but still a small minority of the total.

Smartphone security threats are increasing, according to a new Symantec report. The latest edition of the Symantec Internet Security Threat Report is out, which looked at security risks during 2011. As usual, things are getting worse overall, but the threat in the world of mobile computing is still a small side show.

Almost all security vendors note steady increases in mobile malware, as does Symantec. As you can see from the graph below, growth took off in 2011, but the overall numbers are still small.

The types of malware found reveal that criminals appear to be adapting to the new environment. See the graph below:

The two biggest categories of malware spy on the device and the user. The third makes money by sending text messages to premium rate numbers set up by the attacker. When your phone calls or texts these numbers, your account is charged and the owner of the number paid. Typically attackers will charge a small number, perhaps $10, once a month on the theory that you won't notice it. According the Symantec report, the story of one gang earned $1 million/year using this technique. The criminals don't need a huge number of phones to do it.

Most of the remaining threats are more like PC malware. As with other areas of computer crime, mobile hackers move around from one technique to another looking for what will make them money.

Besides making a quick dollar, the more serious threat occurs when criminals use smartphones as a way to hijack data on the network. According to the report, Symantec saw examples of attackers using their control of smart phones to access data on enterprise networks to which they were connected. Indeed, the point of most mobile malware is to steal information. When the attacker has access to company data the threat becomes far more serious. This is the point where BYOD (Bring Your Own Device) becomes a disaster to the company.

Of the 187 million compromised identities found by Symantec in 2011, about 10% (18.5 million) were as a result of a lost device. This is clearly a big number, but it pales in comparison to the identity theft impact of network intrusions of a more conventional sort, such as by compromising a PC on the network.

Lost and stolen devices are a big problem and an up-and-comer, but it's not scalable from the criminal's point of view. You may be able to break into numerous databases and compromise thousands of identities from the comfort of your own home, but stealing a large number of smartphones is hard work. Symantec did a test where they purposely "lost" smartphones running monitoring software and then tracked the phones to see what happened to them. No, people who found the phones didn't look up "home" and call to return it. Instead, the test found that someone looked at private data on 96% of the phones and 50% of the phones were never recovered.

Computer criminals are a surprisingly conservative bunch, and they tend to stick with what they know works. Consumers have been much more adventurous by comparison, rapidly adopting mobile technologies and cloud services. The bad guys are working on these fronts, but it's not mainstream and may not be for some times.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Chatbots: Pandemic Edition
Jessica Davis, Senior Editor, Enterprise Apps,  9/10/2020
Deloitte on Cloud, the Edge, and Enterprise Expectations
Joao-Pierre S. Ruth, Senior Writer,  9/14/2020
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Flash Poll