Slashdot Mirror


Your Smartphone Is Safer Than Your PC — For Now

snydeq writes "InfoWorld's Galen Gruman reports on the future of mobile security — one that will see a significant rise in exploits as valuable information increasingly migrates to mobile devices. To date, sandboxing and code-signing have helped make mobile OSes relatively secure, when compared with their desktop brethren. But as devices store more valuable information than email, they will become more enticing to hackers currently breaking into Windows PCs. And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC but also because there are so many variants in use — too many for Google or the carriers to patch securely. And as the PDF-jailbreak vulnerability showed, sandboxing has its limits when it comes to securing the browser — the most likely point of entry for exploits not due to the rise of extensions, helper objects, and plug-ins on the mobile Web."

9 of 125 comments

  1. Are variants a bad thing? by DrXym · Score: 4, Insightful
    And the biggest bulls-eye appears to be on Android, in large part because its architecture is most like that of the desktop PC but also because there are so many variants in use -- too many for Google or the carriers to patch securely.

    So if an exploit occurs it will likely only affect some handsets as opposed to every handset.

    1. Re:Are variants a bad thing? by John Hasler · Score: 4, Insightful

      So if an exploit occurs it will likely only affect some [Android] handsets as opposed to every handset.

      But the scary news stories will omit that little detail.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Are variants a bad thing? by djdanlib · Score: 3, Insightful

      So we'll all be depending on multiple carriers' good patching practices, to make sure the patch for foolib-1.2.3-r4 gets pushed to all their Frobnitz Model 200 phones that they released two years ago and have since deprecated and replaced with Model 201, 220, 240, and 250, now with more shiny (but everyone still gets them because they're free with a new contract.) And by the way, it's going to be on your data bill. Call me pessimistic, but I don't think it'll happen in a timely fashion when someone discovers a vulnerability.

      Crackers compete over who can own the most boxes just so they can have bragging rights. Oh look, such-and-such group disabled e911 for 20,000 people, why hasn't OUR group done that yet? We'd better do something even bigger so we can be elite again. Someone will find the loose rivet in the armor, and it'll be like a colonial land grab for a few months until the patch gets distributed.

    3. Re:Are variants a bad thing? by tlhIngan · Score: 3, Insightful

      So we'll all be depending on multiple carriers' good patching practices, to make sure the patch for foolib-1.2.3-r4 gets pushed to all their Frobnitz Model 200 phones that they released two years ago and have since deprecated and replaced with Model 201, 220, 240, and 250, now with more shiny (but everyone still gets them because they're free with a new contract.) And by the way, it's going to be on your data bill. Call me pessimistic, but I don't think it'll happen in a timely fashion when someone discovers a vulnerability.

      It's already happened on Android. Manufacturers are out making their latest rev and they ignore the bugfiles to their current line of phones. Or they do and pass it onto the carriers who may or may not force an update. Of course, if said update will remove things like root and custom ROMs, they'll probably push it.

      But phones getting abandoned at whatever Android version they shipped with are already happening - I think the early Samsung phones were promised 2.0, but ended up with 1.6 only with an official letter. And others are stuck with 2.1 with no upgrade to 2.2. The only good part is these phones often are early models and easy to root and recover, so unofficial ROMs exist. But later ones may not be so lucky.

      Really, the only Android phone that's not under carrier control is the Nexus One, which gets updates straight from Google. The weird thing is, why can't Google pull an Apple? The iPhone gets updates from Apple, leaving out the carrier middleman, even if the user is paying a contract on the iPhone.

      Google's big enough, let's see it happen and end all this Android loaded with crapware stuff.

    4. Re:Are variants a bad thing? by beakerMeep · Score: 3, Insightful

      Indeed. And as the Apple PDF exploit showed, Android is in trouble.

      --
      meep
  2. And the first ones out of the gate will be easy by elrous0 · Score: 3, Insightful

    People have such a false sense of security about their smartphones right now that the first virus or truly inventive hack is going to have a frickin' field day. iPhone users are particularly cocky about how secure their phone is (and Apple isn't exactly a speed demon when it comes to security patches for their OS's either).

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:And the first ones out of the gate will be easy by node 3 · Score: 4, Insightful

      People have been saying this about the Mac for a decade now, too. I'm glad I didn't hold my breath waiting for this supposed apocalyptic day of comeuppance...

  3. Android less secure? by cyber-vandal · Score: 4, Insightful

    Windows is an easy target because it's a huge badly-secured monoculture. How does having several different versions of Android to attack make it similarly insecure?

    1. Re:Android less secure? by bsDaemon · Score: 4, Insightful

      The mistake of letting users interact with them. Users are the number one security flaw in any system.