Over the past 25 years, the cell phone has evolved from the one dimensional brick phones to the powerful smartphone technology of today. Estimates indicate that smartphone ownership will reach 43% of the US mobile population by 2015 with Gartner stating that sales of smartphones will reach 95 million in 2011. With ever increasing processing power, and hundreds of thousands of applications currently available, the smartphone has rapidly become the primary device for everyday access to social media, banking, commerce, shopping, and personal entertainment.
What is often lost in this love affair with mobility is that the smartphone presents the same level of risk as the PC. The rapid expansion of capabilities and acceptance of these devices as an essential element of our personal and professional life has regrettably coincided with an overall indifference to security. Convenience - in the moment, on the go convenience - trumps any concern for protection of assets. The average user has a wide variety of confidential private data stored on these very personal devices, and estimates show that 40% of business professionals carry sensitive business information as well.
Look no further than the recent articles on Zitmo or DroidDream to see that the risk is real. Zitmo, a variant of the Zeus Trojan, has been adapted to target phones running the Android OS. Users are tricked in to adding a “security component” that they assume comes from their bank, but is really malware. DroidDream, malware that initially exploited a bug in older versions of Android that resulted in 58 apps being pulled from the Android marketplace, recently resurfaced in 4 additional apps in July.
User indifference is often identified as a key part of the problem. The user fails to play the role that security managers expect them to play. They do this for an obvious reason; they do not want to be inconvenienced. Vendors that assume the user should play a key role in security strategy are missing an important element in developing, and implementing strong authentication solutions for the mobile user. The user does not want to be inconvenienced. Security should operate invisibly in the background and not in any way interfere with their user experience.
1. “Smartphone Malware Report” Raising Awareness of the Threats Affecting Mobile Devices
2. Zeus Banking Trojan Hits Android Phones
3. DroidDream Again Appears in Android Market Apps
4. Smartphone Market Statisitcs
5. Research and Markets – Mobile Phone Biometric Security Report