Smartphones and Security Don’t Mix

If you’re like me and you were around back when hardware and software were essentially dominated by the Wintel crowd, you probably remember something very troubling about that era. Remember how software and hardware were developed separately and the issues this caused? Well the same people who brought us this failed model have delivered it to us once again in the smartphone arena. What we have now is a repeat of the Windows security problem, only it’s now spun out to devices that are nearly impossible to manage.

But wait, that’s not all.

Because of the costs involved in producing mobile hardware, manufacturers are not doing any security quality assurance. One manufacturer flat-out refuses to allow any security applications on its handsets. Yet, there are hardly any security tools available today that address the exploding mobile marketplace.

Many of us remember when cellular carriers would not pass TCP traffic, and bandwidth limitations made it not economically viable to attack mobile devices. On top of that, processing power was very limited and unable to carry out meaningful or profitable attacks.

Those days are gone. Now, carriers will pass TCP traffic, and bandwidth capacities have reached speeds conducive to perform much of what we do on workstations. Processing power has significantly improved in the past five years, bringing smartphone capabilities in line with late 1990s-era PCs. This provides attackers with a wonderful platform to set persistent control channel capabilities for malware, spyware and botnet activities.

Read the rest at Enterprise IT Planet.