Mobile Malware Isn’t So Bad, For Now
This weekend a Swiss computer security researcher released an application designed to demonstrated the kind of personal information that a malicious iPhone application could potentially harvest personal from unwary users (pdf). The disclosure came just two weeks after the first truly malicious iPhone worm was released for jailbroken iPhones.
So, are we’re on the brink of a mobile malware pandemic?
Not necessarily, says MikkoHypponen, chief research officer for the Internet security company F-Secure, based in Helsinki, Finland. Hypponen has been collecting mobile malware specimens for the past 10 years. His count, so far, is 454 mobile viruses and Trojans since 2004. And, despite many security experts predicting that serious attacks against mobile devices are inevitable, Hypponen has observed the opposite trend. “Instead of getting worse, malware on mobile devices has been slowing down over the past two years,” he says.
The main reason, Hypponen suggests, is that most phone platforms exercise more control over the applications they run than desktop computers do. For example, mandatory application signing for the iPhone means that programs can’t run without authorization from Apple. Android’s open platform doesn’t use mandatory signing, but Google has designed a new security model for the operating system to minimize the damage that can be done by a malicious application.
Hypponen also believes that fragmentation in the phone market has hindered malware writers so far: no single mobile operating system dominates the way Windows does on the desktop, so it’s hard for virus writers to know where to focus their efforts. Furthermore, he says, far fewer people have the sort of low-level knowledge of specific mobile devices that’s needed to create successful malware.
However, Hypponen notes that the malware observed so far requires a user to install something malicious, instead of exploiting a vulnerability in the operating system itself. The real danger, he says, is when malware authors discover ways to attack a mobile device without that level of user participation.
“When that happens,” Hypponen says, “everything we know about mobile malware will have changed.”
Keep Reading
Most Popular
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.