For the last three years, security experts have warned that
mobile devices would someday be attacked as massively as the
PC. Those predictions are starting to come true according to a
recent survey of more than 200 mobile operators, though two
security experts said the overall threat remains low.
 | | | | | We do know that mobile phone
attacks are much, much rarer than malware attacks against regular
Windows desktops and laptops.
Graham Cluley,
senior technology
consultantSophos |
| | | | | |
| |
|
Eighty-three percent of mobile operators surveyed by Informa
Telecoms & Media on behalf of McAfee Inc. between December and
January acknowledged they've been hit by mobile device infections.
Respondents, who answered questions on a variety of mobile security
issues in an anonymous online survey, also acknowledged that:
- The number of mobile security incidents in 2006 was more than
five times as high as in 2005.
- The number of mobile operators in Europe and APAC reporting
incidents affecting more than 1,000 devices more than doubled in
2006.
- All operators spent $200,000 or more on mobile security in 2006
compared to 2005.
- The number of mobile operators estimating that the cost of
dealing with mobile threats is more than 1,000 hours increased by
700%.
"What surprised me about the response was that 83% of carriers
acknowledged they had experienced mobile malware," said Jan Volzke,
head of marketing for mobile security at McAfee. "We had earlier
estimated internally that the number would only be half of
that."
He said carriers are feeling a growing sense of urgency about
addressing the problem, since an increasing amount of data is being
accessed on mobile devices. Because of that, he said, the carriers
are now looking at security as a business risk in need of
investments instead of a way to make more money.
Respondents said customer satisfaction has been a casualty of
the increased infections. Nearly 30% said subscriber satisfaction
had suffered more than any other factor, including revenue. The
second-biggest side effect has been the quality of network
performance.
Nearly 80% described it as a public relations problem, but less
than a third of those who consider application and device-level
protection important have actually deployed defenses at these
levels. But respondents suggested this is about to change:
Eighty-five percent of respondents said they'll increase their
mobile security budgets to tackle issues including network
intrusion, mobile viruses, denial-of-service attacks, spam and
mobile phishing.
Security vendors have begun trying to capitalize on that
increase in spending. McAfee recently released its Mobile Security
Risk Management product, while Symantec Corp. recently announced
the availability of its Mobile AntiVirus 4.0 for Windows Mobile and
Sophos released its Mobile Security product.
While mobile security is a growing issue, Sophos senior
technology consultant Graham Cluley said IT professionals need to
keep the overall threat landscape in perspective. For now, that
landscape is nothing to panic about, he said.
"We haven't polled the mobile phone operators ourselves, so we
can't confirm McAfee's findings," Cluley said in an email exchange.
"However, we do know that mobile phone attacks are much, much rarer
than malware attacks against regular Windows desktops and
laptops."
While there has been concern in the past about security vendors
hyping the mobile threat to boost sales, Cluley said there's no
doubt more companies are looking to protect their mobile devices as
they become more integrated into their business. Therefore,
security vendors are right to start focusing on mobile
defenses.
But, he added, "It's important to keep the threat in
perspective. There are over 214,000 different viruses for PCs, but
only around 200 examples of malware for PDAs and mobile phones.
None of those can be considered widespread."
Mikko Hypponen, director of antivirus research for
Helsinki-based F-Secure Corp., agreed.
"We've seen a steady increase in the amount of reports mobile
virus infections from the field," he said in an email exchange.
"However, the situation is still far from being as bad as it is on
the PC side."