Are We Admitting Defeat on Mobile Security?

Thursday, February 17, 2011

Lee Mangold


We all know the security of mobile devices is becoming more important as technology and "app" availability grows.  

Mobile devices are not just easy targets, but high value as well.

Never before has the attacker had the ability to listen to phone calls, read emails, read SMS messages, geo-locate, watch and listen in on conversations of the victim all at the same time.

This is what you call pwnd!

An article titled Experts Agree: No Easy Fix For Mobile Security just posted to the other day.

In short, the "experts" agree that mobile security is a new brand of security that we need to be aware of and handle the same way everything else.

This assertion makes me angry...

Android, iOS, Blackberry OS and even Windows Mobile have not been on the market for the past 20 years. These are still newcomers in the computer world.

What if OS developers spent more time on incorporating security into the OS as a primary function? Why aren't we using object-capability models and sandboxes as a part of the basic OS? Do we just admit defeat now and accept an OS with outdated security?

As it currently stands the OS developers are leaving security largely in the hands of the end users.

It's time for the OS manufacturers to stand up and make this change. Unfortunately a tight security model and app sales don't exactly scale together...

Now, imagine my dismay when I delivered a report to one of my DoD colleagues about mobile phone development to which he replied "We don't do security here. We do R&D"... We still have a lot to learn...

Lee is the CEO of LVM Engineering, Inc., founder of INFOSEC School, and a US DoD IT security contractor. This article expresses the views of the author, and not necessarily his affiliate organizations or the United States government

Possibly Related Articles:
Mobile Devices Operating Systems Smart Phone Security sandboxing SMS
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.