Security Research
Showing results for 
Search instead for 
Do you mean 

Mobile Security at RSA: Not Just a User Problem

SejalKamani on ‎03-11-2013 01:51 PM

The big thing, as expected, at RSA this year was mobile security. With consumer devices such as smartphones (>600Mu) and tablets (>100Mu) entering the mainstream workplace it is natural that mobile security should be the number one security concern.  The biggest threat to mobile security is the proliferation of mobile malware – specifically Android malware which is growing at an alarming rate and threatening the entire enterprise ecosystem. 

I attended a couple talks on mobile malware. Disappointingly, there was nothing new being said about the malware issue. Missing from these talks was information or indication of any advanced research being done by threat security researchers in either academia or industry to address this problem.

The main message was that tried and true techniques from the PC world such as phishing attacks, spams and drive by downloads are now resurfacing in the mobile world.  According to a panel of experts on the “50 Minutes Into the Future: Tomorrow’s Malware Threats”, mobile malware writers have no incentive to reinvent or elevate the attack surface from software to hardware as there is still a lot of low hanging vulnerabilities present in software that can be exploited. Overall, the future of mobile malware exploits looks the same as present day mobile malware exploits, just more pervasive.   

An interesting note made by this panel however, was that while malware writers are quickly drawing on their experience from the PC world to rapidly bear on the mobile market the mobile industry has been slow in reacting to combat this threat.  The burden of this response is being put on the end user to educate themselves to thwart these attacks. This cannot be sufficient. 

While end user education on mobile security is imperative, it is hard to imagine the mobile industry not having to gear up a rapid response to combat this threat.  The stakes posed by malware, are high for the mobile industry as the number of sensitive and monetary transactions conducted using mobile devices continue to rise. This represent a great opportunity for the whole mobile ecosystem to work together, from devices leveraging hardware based security mechanisms, to OS’s using better memory protection and sandboxing techniques, to more controlled marketplaces and the development of state of the art malware detection tools to effectively fight this battle.

About the Author


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
1-3 December 2015
Discover 2015 London
Discover 2015 in London, the ultimate showcase technology event for business and IT professionals to learn, connect, and grow.
Read more
November 2015
Software Online Expert Days
Join us online to talk directly with our Software experts.
Read more
View all