A friend gathered us together for drinks at a local bar a few months ago.
One had just bought an iPhone so we grabbed our devices to clink them in the geekiest of geeky toasts.
Once I overcame my mortification, I wondered if smartphones had achieved sufficient market penetration that malware authors would take them seriously.
Later, when I was at this year's Defcon, the most popular seminar tracks exploited mobile phone vulnerabilities.
It's difficult to say that anything "pwned" (pronounced "poaned", meaning to defeat) at IT security conferences such as Defcon or Blackhat is ready for malware prime time because there is such cachet in hacking the coolest toy.
But the week after the conference it began to look ugly for these popular phones.
Apple released a security update for iOS, its iPhone operating system, to patch a vulnerability brought to light by JailBreakMe, a way to short-circuit Apple's AppStore. Meanwhile, the first SMS trojan in the wild caused Android users to send messages to premium text services.
The SMS trojan shows an interest in malware for profit.
It's speculated that the next iPhone will contain near-field communication technology to enable its use as a mobile wallet.
Outside the US, the technology has been used for some time with few problems. Will the iPhone bring it to a wide enough audience that it will be of interest for financial malware? Will it cause enough demand that new phones will include it?
We still have not had a "Melissa-level" mobile malware event, a widespread infection that brought such threats to the fore of public debate, and it's conceivable that mobile malware will remain a fringe trend even with all these enticing qualities.
I doubt that the average home user will clamour for security software on their phones for quite a while. And there won't be the feeling, as there is with Windows, that a user is reckless without security software.
I'm already hearing grumblings that security-conscious companies need to prepare for such attacks.
For those with such phones, the advice is:
- Don't enable Bluetooth until you need it
- Install security patches
- Don't download unapproved apps
- And if you're a network administrator, write policy for these devices in your environment
Mark Thomas works for West Coast Labs, an IT security testing and validation consultancy.