Mobile: Are Security Risks Overblown?

ENISA Researcher: Mobile Technology Has Advantages

By , September 23, 2011.
Mobile: Are Security Risks Overblown?
Read Transcript

Mobile apps and smartphone security are increasing global concerns. But Dr. Giles Hogben of ENISA says mobile malware mania is a bit overhyped, since mobile is actually more secure than most other platforms currently on the market.The European Network and Information Security Agency has published a new report about mobile application security, highlighting lines of defense for mobile malware protection. But Hogben, an author of the ENISA report and program manager for ENISA in Greece, says mobile malware concerns, while relevant, are vastly overblown. [See Mobile Banking: The New Risks .]

"Mobile browsing actually does have some advantages," Hogben says. "Mobile security is still much better than other areas of security."

That said, Hogben does acknowledge emerging mobile risks, which will be magnified by the exponential global growth in use of mobile technology, namely smartphones.

"The mobile market is growing faster than any technology has ever grown before, and that's pretty difficult to do," he says. "There are now more Internet-enabled phones than PCs. ... and Google just announced that they're activating 500,000 Android devices every day. That's pretty amazing, I think."

Hogben says market research suggests the worldwide sale of smartphones during the second quarter of 2011 totaled 100 million devices.

"There are loads of specific risks to mobile phones, and smartphones, in particular," Hogben says. "One relates to what I call 'loseability.' Mobile devices are much more easy to lose than a laptop or PC."

And if a mobile phone is lost or left behind in a taxi, for instance, and the data it stores is not encrypted, then that's a big security problem. "Encryption is difficult," Hogben says. "And the app security is a concern, since there are things that every app has access to, like the address book."

That connection or tether between mobile apps and other data on a smartphone can lead to leaks, since most apps, by default, collect mobile-user details when they are installed. So, it's not malware as much it is the design of mobile apps that poses the greatest security worry.

"There are a lot of apps that are kind of on the borderline of malware because of sloppy coding," Hogben says. "They're actually collecting much more information than they need to ... like collecting your device identifier. ... If you post an image on Facebook or another social network from your smartphone, then those details can leak to Facebook, which could reveal your location details," Hogben says.

Antivirus products have been introduced for the mobile market, but most fall short. They can't intercept malicious malware, and most are limited in what they can actually do.

During this interview, Hogben discusses:

  • The challenges of detecting and blocking malicious apps on mobile devices;
  • Conflicts between mobile operating systems and HTML permissions in mobile browsing features that pose security concerns;
  • What the market can expect to happen if HTML 5 becomes the standard for mobile devices.

Hogben is program manager for secure services at the European Network and Information Security Agency in Greece. He has led numerous studies about network and information security, including those that touch on topics like smartphone security, cloud computing, social network security and European identity card privacy. Before joining ENISA, he was a researcher at the Joint Research Centre in Ispra, Italy, and led work on private credentials. He has a PhD in computer science from Gdansk University of Technology in Poland and graduated from Oxford University, U.K., in 1994 with degrees in physics and philosophy.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE NATO Declares Joint Cyber Defense

A decision as to when a cyber-attack would lead to the invocation of Article 5 - the provision that...

Latest Tweets and Mentions

ARTICLE NATO Declares Joint Cyber Defense

A decision as to when a cyber-attack would lead to the invocation of Article 5 - the provision that...

The ISMG Network