By Jason Kohn, Contributing Columnist
In the 20 years we’ve had to get used to the Internet, we’ve learned a lot about web security and our own role in keeping ourselves safe from the nastiest things out there. At the very least, most of us now recognize the need to install antivirus software on our computers and to keep that software updated.
When it comes to the other kinds of computers we use though – our ubiquitous smartphones and tablets – it’s a different story. According to a 2011 report by Canalys, just 4 percent of the smartphones and tablets shipped the previous year had some form of mobile security installed.
A survey of 5,000 mobile users in four countries conducted by AVG Technology earlier this year indicated that 80 percent of consumers were unaware of the risks of malware on their mobile devices. And despite the fact that one in four mobile users stores intimate photos on their device (!), 70 percent of them had no idea that they could use their phone’s security features to remotely delete them if their phone was stolen.
This disconnect between how consumers perceive mobile security and the threat that actually exists is a big problem, and it’s getting bigger.
A Growing Mobile Malware Threat
Darrell Etherington of TechCrunch described the findings of an NQ Mobile study conducted this February:
[The study] found that malware threats in general on mobile platforms grew 163 percent in 2012, totally more than 65,000 identified distinct forms of app repackaging, malicious URLs and SMS phishing (also known as smishing). The attacks were mostly geared towards Android devices, which was the platform of choice for almost 95 percent of threats identified by NQ….
NQ Mobile’s report found that more than 32.8 million Android devices were infected over the course of 2012, up more than 200 percent from 2011.
A Feburary 2012 survey of more than 4,000 organizations published by security research firm the Ponemon Institute and web security firm Websense echoed these results. According to Kristin Brent at CRN:
“Fifty-nine percent of Ponemon’s respondents said they’ve seen a jump in malware infections over the past 12 months due, specifically, to insecure mobile devices including laptops, smartphones, and tablets. And a pretty hefty jump, at that. Thirty-one percent of those who have noticed a spike in malware cases said the increase was by more than 50 percent.”
Grappling with the Threat
It’s not as if no one recognizes the seriousness of this problem. Enterprises are acutely aware of the risk to their networks posed by mobile device malware. And as more and more of them embark on bring-your-own-device (BYOD) initiatives, they are investing significant resources into finding ways to protect against that threat. Canalys projects the market for mobile security for enterprises to grow at an annual rate of more than 44 percent, becoming a $3 billion market opportunity by 2015.
But what about the millions of mobile device users who don’t work at a company with a mobile security program? At this point, they’re still basically on their own.
Third-party security apps are available in the Google Play Store and Apple App Store for Android and iOS devices respectively. But they require individual users to a) recognize this threat, b) take the initiative to learn about what they can do about it, and c) download, install, and properly configure one or more security apps. It’s a lot to expect of your average mobile device owner.
Stay Safe Out There
For most consumers, the scope of the malware threat remains largely a function of where you live. While mobile malware is skyrocketing worldwide, it’s still relatively rare in North America. In its annual State of Mobile Security report, Lookout Mobile Security reported that, while the threat (especially to Android users) exists worldwide, users in Russia, Ukraine and China are most likely to see an attack on their device.
The report also offered a number of tips to keep your device safe, including:
- Setting a password for your device
- Downloading apps only from trusted sources
- Using caution when clicking any web link
- Using third-party security apps
- Looking out for suspicious charges on your bill
- Downloading device firmware updates as soon as they’re released
All good advice, but it’s advice that many mobile device users won’t end up following. Ultimately, wireless providers and mobile device manufacturers are going to have to take a much larger role on this issue before we see real widespread change in consumer behavior. They can help by:
- Educating consumers about the mobile security threat and the need to protect their devices—just as the computer industry has done
- Shipping devices with more robust anti-malware capabilities, and clear instructions for users on how to use them
- Accelerating their capabilities to detect new vulnerabilities and threats, and push out updates to device software and operating systems to thwart them
It’s a lot to ask of all parties – mobile operators, device manufacturers, software developers, and consumers alike. But for a problem this big and complex, it’s the only way we’re likely to see real solutions.
Share Your Experience
Have you seen mobile malware or another kind of mobile security attack firsthand? Do you use third-party security software on your phone?