Android an open invitation to hackers?

By Source Seeker on Mon, 09/15/08 - 7:52am.

There is really only one thing stopping today's mobile phones from becoming attractive targets for hackers. The marketplace is so fragmented, with several mobile phone carriers, OSes, and applications, that no one hack could be assured of reaching enough phones to make it worthwhile. As a result, hackers for the most part have been content to focus on the low-hanging fruit of Windows PCs, leaving mobile phones relatively undisturbed. But that's all changing fast, now that the mobile industry is becoming more open, especially with the advent of the Apple iPhone SDK, the upcoming open Symbian platform and the first Android-based phone, which is set to debut Sept. 23. According to this IDG News article, all this new openness may good for developers, but it's a looming disaster for enterprises.

The stars are aligning and experts say the upshot is that mobile phones will soon be too irresistable for hackers to ignore. Mobile devices are beginning to have high bandwidth, open platforms and the ability to load new software, noted Mark Kominsky, CEO of Bluefire Security Technologies, at the recent CTIA Wireless show in San Francisco. "Those are the critical elements that occurred in the notebook when viruses took off about 20 years ago," he said, adding:

"Everyone has now decided that the developers are very important for the future of this business. If a developer can load software on a device, a hacker can load software on a device. I think we're probably 12 to 18 months away from something big happening."

The upshot is that enterprises now have to take the same steps for their mobile platforms that they've been taking for years on their more traditional endpoints. These include building and enforcing security policies, pushing out regular software updates, using password protection and encryption, and disabling features not required for business. The alternative is to leave themselves open to what's becoming more inevitable: a large-scale attack affecting the enterprise and its increasingly mission-critical mobile devices.

Tags

About Source Seeker

The Source Seeker blog is written by Julie Bort, editor of the Open Source Subnet site as well as the Microsoft Subnet, Cisco Subnet sites. Indeed, Bort is the Online Community Editor for all of Network World. She also writes The Microsoft Update blog. If you have an idea for a blog, or a news tip on open source, Microsoft or Cisco, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.

Open Source Subnet is the independent voice of open source users and is your gateway to daily open source news, blogs, tips and more. Visit the Open Source Subnet home page daily.