- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
The opening up of the mobile industry is great news for application developers but not so good for IT security professionals who want to sleep at night, executives from the security industry said Thursday.
Mobile phone operating systems have been highly fragmented and carriers have tightly controlled the applications that can easily be used on phones, but that approach is giving way to open-software platforms and easy-to-use application stores. In addition to Apple's recently introduced iPhone SDK (software development kit), Google's open-source Android platform is due on phones soon and an open-source version of Symbian is on the way.
"Everyone has now decided that the developers are very important for the future of this business. If a developer can load software on a device, a hacker can load software on a device," said Mark Kominsky, CEO of Bluefire Security Technologies, during a panel discussion at the CTIA Wireless I.T. & Entertainment show in San Francisco. "I think we're probably 12 to 18 months away from something big happening," he added.
Mobile devices are beginning to have high bandwidth, open platforms and the ability to load new software, Kominsky said. "Those are the critical elements that occurred in the notebook when viruses took off about 20 years ago," he said.
Symbian, the single most widely used mobile software platform, has already wrestled with the dangers of openness to third-party developers, said Khoi Nguyen, group product manager in mobile security at Symantec. Symbian 7 and 8 were fairly open and allowed almost any application to be installed and run. This led to a few hundred viruses being introduced within a couple of years, so Symbian 9 was locked down significantly, he said.
That made it much harder and more expensive to develop applications for the OS, even for a big company such as Symantec, Nguyen said.
Symbian and other platform vendors will have to find a balance between security and openness, he said.
By the same token, the fragmentation of the mobile world that has hobbled software developers still insulates phones from the onslaught of attacks on PCs.
Symbian has less than 70 percent of the market, Nguyen said. "It makes it very hard for a hacker to develop a single threat ... that can run on all these different platforms," he said.
The Leader in Network Knowledge
Comment