Posted on | March 11, 2008 | 2 comments
Knew this was coming. Cyber criminals in the hunt for fertile territory have begun branching out into the mobile space, namely cellphones, especially pocket computing devices like the iPhone and Windows Mobile handhelds. Look how quickly researchers swarmed all over the iPhone flushing out ripe security holes. It’s a natural extension of the Grayhat and Blackhat vulnerability research community, whose rise we chronicle in Chapter 1 of ZDT. Here’s an excerpt from the book:
White Hats were good-guy hackers who took to incessantly exposing new Windows vulnerabilities. White Hats argued that the intense scrutiny would compel Microsoft to take security more seriously and patch security flaws with more alacrity. Black hats were the bad guys. Black Hats searched for vulnerabilities, too, but were just as apt to wait for the White Hats to discover them, then take advantage. Gray Hats were somewhere in between, sometimes contributing to the cause of good, other times behaving more like Black Hats.
In this frenzied world of conflicting motivations, a kind of arms race took shape among White Hats, Black Hats and Gray Hats. Each group hustled to be the first to find the next gaping Windows security hole, referred to as a “vulnerability.” The number of known Windows vulnerabilities—flaws that could be exploited over the Internet—would balloon tenfold in four years, from 417 in 1999 to 4,129 in 2002, according to the CERT Coordination Center. Hackers were forced to pick sides in a polarized debate over when to disclose a newly discovered security hole. Proponents of “full disclosure” championed the practice of broadly announcing new vulnerabilities immediately upon discovery, the better to compel Microsoft (or other software vendors whose products were found lacking) to expedite a security patch. Opponents of full disclosure advocated notifying the software vendor first and giving the vendor a grace period of several weeks to prepare a patch before publicly announcing the new flaw.
I’m already starting to hear from tech security firms like Bluefire and TeleCommunication Systems busy preparing security products and services to help cellphone makers and their partners stay in front of the coming tide of mobile hacks and scams.
“Mobile users are trusting. We use our phones for any and everything, without any protection, and don’t think about the consequences,” Bluefire CEO Mark Komisky tells me. “Hackers are beginning to target mobile users with viruses, spam, and other malicious code, and we walk around completely vulnerable to these threats.”
Add to this the possibility of a lost or stolen device, and it becomes pretty clear that the threat is here to stay, and will only worsen. “Mobile users need a safety net that protects them from inevitable threats – including mobile spam and identity theft – before it is too late,” says Komisky.
But here’s another lesson from cybercrime’s rapid saturation of the PC world: the good guys fell way behind, and remain way behind. I wonder if cellphone companies and their partners will move proactively to stay in front of the migrating threat–or wait until enough consumers get ripped off. What do you think?
Comments
What are the latest and most expensive cellphones this year?
Comment by Thomas Williams — 5/19/2010 @ 8:18 pm
Cellphones these days are getting ultra-modern and packed with lots of features.
Comment by Evan Foster — 8/30/2010 @ 1:03 am