Chapter 21. OK, Your Mobile Phone Is Insecure; Should You Care?
Security vendors have long been predicting that bad guys are soon going to be targeting mobile phones. There’s a “boy who cried wolf” effect here. People have heard the prediction so many times that they have stopped listening.
As far as I can tell, this prediction first emerged in 2000. AV vendors have had mobile phone products out there since 2003, maybe earlier (Airscanner seems to be the oldest mobile phone security product I can find, and it was clearly out no later than 2003). Every year brings new predictions and new products. Yet, there is almost no true malware for mobile phones. There really is no good reason to be listening to the doom and gloom.
The big question here is why the bad guys haven’t gone after mobile platforms. After all, there were almost as many smartphones sold last year as there were laptop computers (both in the 120–125 million range).
And, despite what some people believe, there is money to be made from hacking phones. A bad guy could still use malware on a phone to do things like send spam. But there are other things a bad guy can do. For example, in Europe, there’s a widely adopted technology called pay-by-SMS, where you can pay for things just by sending a text message. You can pay for online things this way, but you can also buy sodas from soda machines, and things like that. A bad guy could break in to a phone in Germany and use it to buy himself a soda in Finland using pay-by-SMS technology. ...
Get The Myths of Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
