First, the article which has just blown my mind.
In short, a couple of researchers who’ve made a name for themselves showing the insecurity of mobile devices have created a company which will offer security software for said mobile devices.
And now, the snippets that strike me as particularly bizarre:
“It feels a lot like it did in 1999 in desktop security,” said John Hering, Lookout’s 26-year-old chief executive, who for years has done research demonstrating security vulnerabilities in phones. “People are using the mobile Web and downloading applications more than ever before, and there are threats that come with that.”
1999 was Post-Melissa Era, when stuff completely hit the fan. This was well past the “viruses are theoretically possible” stage, and into the “viruses get so big they make the evening news” stage.
Mr. Hering and his co-founder, Kevin Mahaffey, 25, have been publicly demonstrating the weaknesses of mobile phones for some time. In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection.
As much guff as anti-malware researchers get about being the ones who create viruses, this immediately raises my hackles. Are mobile devices insecure? Yes. Is there a market for mobile security, especially as phones become more powerful? Absolutely. It sounds like this could even be some interesting technology.
But it will be very hard for them to be taken seriously when they’re saying and doing things like this.
I think the quote that best sums up my feelings on the matter is this:
Jeff Moss, a security expert and organizer of the Black Hat conference, said mobile security had historically “been a solution in search of a problem.” But he said mobile viruses had recently become more common in Asia. His own Nokia N97 phone even caught a bug recently, though software he was running from F-Secure, a Finnish security company, caught it in time.
Mobile viruses are, in countries with more advanced/powerful cellphone technologies, at about where PC viruses were in 1991. The first anti-malware products are coming to market, there are around 1000 viruses known to be in existince, but it has ceased to be a problem. Considering the first PC virus had been found 9 years earlier, it will be interesting to see if phone viruses continue to develop on a roughly equivalent time-scale.