By Peter Branton
The bad news for mobile phone and PDA users is that they could be vulnerable to a quick-spreading worm or virus. The good news is it is not likely to happen before 2007.
The bad news for mobile phone and PDA users is that they could be vulnerable to a quick-spreading worm or virus. The good news is it is not likely to happen before 2007 at the earliest.
At least that’s the view of researchers from Gartner Group. They claim that anti-virus firms have been over-hyping the dangers faced by mobile devices to sell their products while in reality the conditions needed to actually spread such threats are still two years away.
“Anti-virus vendors see huge potential profits in selling security to billions of cell phone and PDA users,” said John Pescatore, vice president and research fellow with Gartner, in an interview with Information Week. “In particular, the anti-virus industry sees cell phones as the way to grow sales outside of a flat, commoditised PC market.”
In recent months, vendors seem to have been queuing up to provide security products for mobile devices. For instance, Symantec recently launched Mobile Security 4.0 for Symbian devices (see IT Weekly 21 - 27 May 2005). However, according to Pescatore, a real threat — which he defined as one that has the ability to infect more than 30% of mobile devices used in the enterprise — won’t happen until three conditions are met. Which will probably not be done until 2007.
The three conditions were outlined by Pescatore in a research note that he wrote with another Gartner analyst, John Girard. They are: the large-scale adoption of smartphones; the wide spread usage of wireless message to send executable files (that is files ready to be run in a particular environment, as opposed to non-executable files such as ring tones); and the emergence of one operating system having a majority share of the market, as Windows has in the PC arena.
Without widespread inter-operability between mobile devices a big attack simply can’t happen, the analysts claimed. Pescatore also criticised end-point security solutions for mobile devices as being of very limited value. Smartphone or PDA-based antivirus approaches won’t block the most damaging viruses, which would only be prevented at the network level.
This would mean that the mobile carriers themselves need to get involved in security, and Pescatore wants wireless service providers to be offering malware protection by the end of next year, ready for the threats. “By the end of 2006, all wireless service providers should be required to offer over-the-air mobile malware protection,” he claimed.
The danger with this approach would be if a hacker managed to get into the over-the-air system they would be able to spread malware directly, without needing to use viruses or worms as newer phone operating systems allow carriers to do automatic updating via over-the-air.