Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Last week, researchers from a security company found a flaw in iPhone software that allows it to be remotely controlled. The weak spot was in the Safari Web browser, software that’s also used on Apple’s computers. “It’s a good example of how flaws in PC software show up in a similar guise on cell phones,” says David Wagner, a professor of computer science at the University of California, Berkeley.

Cell-phone viruses have been around for nearly a decade, but many experts believe that serious threats could become a serious problem in the next couple of years thanks to the gadgets’ growing computing power and complexity. “I think a large part of this is that cell phones are becoming miniature computers,” Wagner says, “and as a consequence, they are starting to inherit some of the same problems that we face with PCs.”

Many cell phones are scaled-down computers, and they can take advantage of some of the existing efforts to make personal computers more secure, such as using antivirus software. But cell phones have their own set of problems. For instance, mobile devices are easily lost or stolen; they are accessible via a number of methods, including the cellular network, Bluetooth, and, increasingly, Wi-Fi; and they have a limited battery life and constrained processor power. Researchers have only recently started to grapple with the implications of designing cell-phone security systems that encompass these and other challenges.

Currently, a number of security companies that provide antivirus software for computers–including Symantec, McAfee, and Sophos–have also introduced products for mobile phones. Such software works similarly to computer versions, says Anand Raghunathan, senior research staff member at NEC Laboratories America, in Princeton, NJ. He says the cell-phone software tends to be more efficient and is designed to run on a phone’s lower-end processor (compared with modern desktop computers). However, these antivirus tools are scaled down a bit, “designed to have limited functionality so they don’t drain the battery too much.”

In some cases, the problems of constrained battery life and processing power can be addressed by simply running security software on the cell-phone carrier infrastructure, as opposed to on the phone. Raghunathan says that today, many carriers have software built into their equipment that scans network traffic for known signatures of viruses, bits of code that act like a fingerprint. This network software can keep malicious programs from making their way to and from people’s devices.

But Raghunathan is skeptical that security software will be the final word on keeping cell phones from harm. “I think the next generation of solutions will be hardware-based security, where phones have security built in,” he says. While security hardware alone couldn’t prevent security holes in software, such as in Apple’s Safari browser, it would “certainly limit the consequences.”

Raghunathan explains that security hardware in a phone–often an extra processor and some memory that are hardwired for specific tasks–works by dividing the phone into two environments: one that the user has access to, with all the applications, and another that is designed to be impenetrable to viruses and malicious software. Passwords and other critical information are stored in the secure environment so that even if a virus is downloaded, it can’t access the data. This sort of approach would also be useful if a phone were lost or taken, Raghunathan explains, because when it’s reported stolen, the carrier could access the secure environment to shut down the phone, locking out anyone who wanted to read the theft victim’s e-mail or look at her pictures.

3 comments. Share your thoughts »

Credit: Technology Review

Tagged: Communications, Apple, software, iPhone, mobile phones, wireless, Wi-Fi, cellphone, hacker

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me