Fone FUD

MarketWatch reports that, according to Roel Schouwenberg of Kaspersky Lab Americas, Android and iPhone handsets will be the next target for hackers.

Kapersky is a leading manufacturer of anti-virus software. (Full disclosure: I have used Kapersky products for years and found them reliable. I have Kapersky on this Linux box even as I type.)

Interestingly, the article also states:

    It is not clear why people who can disrupt operating systems do so. The reason is not likely to be to make money, although handsets are being used more and more often for banking and financial transactions. Attacks on widely used software are as often as not committed for political purposes or to disrupt global business or government systems. Hacking into Android or OSX probably does not satisfy any of those aims, at least for now.

Indeed, I believe that one reason that have not been subject to greater attack over the years is that most of them simply do not contain the kind of information that would repay in monetary terms the effort of cracking them. Nor are cellphones suitable for botnets because traffic to them is monitored by the cellphone provider; the percentage of time that a wi-fi enabled phone spends on a wireless internet connection is not enough to justify the effort of trying to recruit it into a botnet, when so many vulnerable computers are out there saying, “Take me! Take me! Take me!”

In other words, the probable motive for the predicted incredible rise in attacks on cellphones is simple vandalism, the same motive that leads kids (and some grown-ups) to shoot up road signs.

I suspect another reason for the prediction is a desired increase in sales of anti-virus software. Here’s a whole new market that the anti-malware vendors have not yet successfully tapped.

The article contains a major fallacy, embodied in this passage:

    The mobile operating system and software businesses are not as mature as they are in the PC industry. The iPhone and its OSX operating system were only introduced two and a half years ago. Android-powered handsets have been widely available in the market for less than a year.

It neglects to mention that both OSX and the Android operating system are based on the *nix model: OSX on FreeBSD; Android on Linux. Unix is forty years old; Linux is finishing its second decade. Implying that they are somehow wet behind the ears simply is not supported by history.*

This is not to say that I think vandals would not be attracted to vandalizing smartphones. The fun of vandalism lies not in the target, but in the destruction. I do not, however, expect the tidal wave of attacks that the Kapersky spokesman predicts.

Frankly, I believe that what is already the biggest danger to a user is probably going to be the biggest danger to a smartphone user: phishing. As persons pull their email into smartphones, they will be getting the same phishing messages on them that they are already getting on their computers.

The persons who get phished on a computer will also get phished on a telephone.

*(Contrary to myth, Linux is not “based on” Unix in the sense of being derived from it the way that MSDOS was derived from Q-DOS; rather, Linus Torvalds wrote the Linux kernel from scratch to the published Unix standards, which, unlike the proprietary Unix code, were freely available. “Written to the same standards” is not the same as “derived from.”)

(Visited 17 times, 1 visits today)