Mobile malware threats are 'all hype,' says Twitter security researcher

IT should implement encryption, VPNs, but not antivirus software
Tools

Mobile malware threats are "all hype," Twitter security researcher Charlie Miller told the Hacker Halted conference in Atlanta last week.

Smartphone designers have learned the lessons from PC malware. "Some exploit mitigations were built in from day one. Apps run in a sandbox, they have to ask for permissions, which is not the case with desktops," Miller was quoted by Infosecurity Magazine as telling the conference.

For example, if an iPhone user reboots his or her iPhone, any exploits running on the browser will be eliminated, he explained.

"To submit an app to the Apple store, you have to register--and pay--for an account, prove your identity, and go through the review process," said Miller. This does not make financial sense for cybercriminals to write malware for Apple (NASDAQ: AAPL) smartphones. "There really isn't any iOS malware", he added.

Android, however, is much less secure than iOS. "The community polices itself--it's not as secure. Android doesn't have code signing for protection," Miller said.

The numbers seem to back up Miller. According to the Department of Homeland Security, Android accounted (.pdf) for 79 percent of mobile malware last year, while iOS accounted for only 0.7 percent. Symbian, the discontinued Nokia (NYSE: NOK) operating system, accounted for 19 percent of mobile malware.

Miller advised IT security professionals concerned about mobile malware infections to implement encryption, virtual private networks and ensure employees use built-in authentication measures, but not antivirus software."I wouldn't spend many security dollars" on mobile malware prevention, he added.

For more:
- read the Infosecurity Magazine article
- check out the DHS stats

Related Articles:
Botnet of mobile devices used for first time to distribute Trojan
Samsung teams with Lookout to beef up Android phone security