Anti-Spam, Hacking and Virus Security: How Will Smartphones Survive?

Consider these real-world facts:

– The mobile phone market has grown quickly and steadily,  with 4.1 billion activated devices⁽²⁾ world-wide by the end of 2008 and an estimated mind-boggling 4.6 billion in 2009⁽⁴⁾! Smartphones are expected to reach 20% of all mobile phones by 2013^(7)..

– Smartphones are now connected to the Internet through ultra-fast networks, and they’re getting even faster with the latest 3G, 3.5G, 3.9G and 4G technologies.

– Smartphones offer a wide range of communication protocols: Bluetooth, Infrared, SMS, Instant Messaging, Email, Web and Facebook.

– Smartphones typically don’t use anti-virus software or firewalls like desktops and laptops do. They have poor logging, tweaking, auditing and administration features and fewer spyware-cleaning tools.

Recent research by In-Stat found that ‘Smartphone security is still inadequate and is likely to be a source of problems for users and their employers.’⁽⁷⁾

So, what’s saving the mobile phones from viruses and hacking? Researchers at the Center for Complex Network Research at Northeastern University⁽¹⁾ indicate the reason might simply be that there is a wide variety of Operating Systems: Symbian, RIM Blackberry, Apple iPhone, Windows Mobile and Google Android. Indeed, this variety creates a moving target for potential attackers.  This scenario may change if (and when) a specific OS takes over the majority of the mobile phone market (think Windows®).

What happens then? What happens when mobile phones start regularly experiencing virus outbreaks that spread like wild fires through a variety of communication media? Will we need to install anti-virus software and firewalls on our Smartphones? Will we need to conduct Deep Packet Inspection (DPI) on our Mobility Service Providers (and deal with more privacy issues )?

And what will happen if nothing is done?  Think about it: the Smartphone is an electronic device fully internet-capable.  Now, think about botnets: these gigantic networks of infected devices controlled by a botnet master renting firepower to spammers.  These 1 billion Smartphones can browse web pages and social media sites like Facebook, execute scripts, run executables, connect to a multitude of SMTP servers to send and receive spam email, connect through FTP, telnet and SSH to update botnet targets and contents, synchronize and access your computer, laptop or even other phones through USB, Wi-Fi or Bluetooth and infect even more devices.  Oh, and, it’s always powered on, always connected through super-fast IP networks whether you are at home, in your car, at work or sleeping.  And it’s completely unprotected.  Come to think about it, this could very well be a botnet’s dream come true.

And what about spam? The vast majority of Smartphone users regularly use these devices to check their email several times a day, or even every couple of minutes.  Broadband connection users currently have plenty of bandwidth and can afford to do client-side spam filtering. But what about mobile connectivity where users pay on a per-megabyte basis, with very limited monthly plans? The amount of spam email combined with anti-virus and anti-spam updates would cause major over-usage charges if spam filters were to be installed on the Smartphones.  But there is more: how do you envision sorting through hundreds of spam emails on a 4-inch screen and a stylus?

A better option in both scenarios would be to simply cut the monster’s head at the source and improve email security directly at the SMTP connection (e.g. on the Exchange or Lotus mail server).  After all, most infections are transmitted through email.  Today’s anti-spam and email security appliances offer an extended level of protection against all kinds of spam, fraud, phishing and viruses, and are the ideal medium for solving this incoming threat.

What’s your opinion? Will spammers and hackers target mobile phones in the near future? Will mobile phone manufacturers incorporate device-specific protection? Will mobility service providers offer filtering solutions for home users and business users? Will Smartphones be subjected to the same attack scenario as personal computers?

Sources:
(1) ‘Scientists predict mobile phone viruses will pose a serious threat’, PhysOrg.com (2009)
(2) ‘Measuring the Information Society: The ICT Development Index. International Telecommunication Union’, International Telecommunication Union (2009)
(3) ‘Mobile phone’, Wikipedia (2009)
(4) ‘4.6 billion mobile subscriptions by the end of 2009’. International Telecommunication (Oct 2009)
(5) ‘Smartphone’, Wikipedia (2009)
(6) ‘Mobile operating system’, Wikipedia (2009)
(7) ‘Smartphones Will Double Their Share of the Handset Market by 2013’, In-Stat (2009)