Security Research
Showing results for 
Search instead for 
Do you mean 

Mobile Security at RSA: Not Just a User Problem

SejalKamani on ‎03-11-2013 01:51 PM

The big thing, as expected, at RSA this year was mobile security. With consumer devices such as smartphones (>600Mu) and tablets (>100Mu) entering the mainstream workplace it is natural that mobile security should be the number one security concern.  The biggest threat to mobile security is the proliferation of mobile malware – specifically Android malware which is growing at an alarming rate and threatening the entire enterprise ecosystem. 

I attended a couple talks on mobile malware. Disappointingly, there was nothing new being said about the malware issue. Missing from these talks was information or indication of any advanced research being done by threat security researchers in either academia or industry to address this problem.

The main message was that tried and true techniques from the PC world such as phishing attacks, spams and drive by downloads are now resurfacing in the mobile world.  According to a panel of experts on the “50 Minutes Into the Future: Tomorrow’s Malware Threats”, mobile malware writers have no incentive to reinvent or elevate the attack surface from software to hardware as there is still a lot of low hanging vulnerabilities present in software that can be exploited. Overall, the future of mobile malware exploits looks the same as present day mobile malware exploits, just more pervasive.   

An interesting note made by this panel however, was that while malware writers are quickly drawing on their experience from the PC world to rapidly bear on the mobile market the mobile industry has been slow in reacting to combat this threat.  The burden of this response is being put on the end user to educate themselves to thwart these attacks. This cannot be sufficient. 

While end user education on mobile security is imperative, it is hard to imagine the mobile industry not having to gear up a rapid response to combat this threat.  The stakes posed by malware, are high for the mobile industry as the number of sensitive and monetary transactions conducted using mobile devices continue to rise. This represent a great opportunity for the whole mobile ecosystem to work together, from devices leveraging hardware based security mechanisms, to OS’s using better memory protection and sandboxing techniques, to more controlled marketplaces and the development of state of the art malware detection tools to effectively fight this battle.

0 Kudos
About the Author


Nov 29 - Dec 1
Discover 2016 London
Learn how to thrive in a world of digital transformation at our biggest event of the year, Discover 2016 London, November 29 - December 1.
Read more
Each Month in 2016
Software Expert Days - 2016
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all