Android security chief: Mobile-phone attacks coming
IDG News Service - As smartphones become more popular, they're going to get some unwanted attention from criminals, Google Inc.'s head of Android security said today.
"The smartphone OS will become a major security target," said Android Security Leader Rich Cannings, speaking at the Usenix Security Symposium. Attackers can already hit millions of victims with a smartphone attack, and soon that number will be even larger. "Personally I think this will become an epiphany to malware authors," he said.
Microsoft's Windows operating system is the prime target of criminal attacks, and hackers have generally steered clear of mobile devices. Security experts say that this is because mobile phones haven't traditionally stored a lot of sensitive data, and because there are so many different devices to attack, it's hard to create a single virus that can infect a large number of users.
That may be changing as more and more people start using iPhones, BlackBerries, and -- Google hopes -- Android-based phones such as the Samsung I7500.
Google was late to market with an iPhone competitor -- the first Android system shipped in October 2008 -- but the company hopes to catch up by making its platform more open and appealing to developers. Android uses open-source components, and Google places fewer restrictions on device makers and application developers than Apple.
For example, Apple must first approve any application before it can be featured in the iPhone store. Google applies no such restrictions in its Android Market.
This open approach to security is further reflected in the fact that Cannings was allowed to talk about Android security in the first place. Mobile-phone makers are traditionally tight-lipped about their security strategies.
Google's openness gives developers more freedom to innovate, but it can also be misused. "We wanted developers to be able to upload their applications without anyone stopping them from doing that," Cannings said. "Unfortunately this opens us up to malware."
Google runs an application honeypot -- a computer set up with test versions of Android -- to check Android Market programs, but it has also made changes to the way Android's Linux operating system runs applications in order to make things safer. Each application runs within what Cannings calls an "application sandbox," a virtual-machine environment where the program is unable to mess with other programs on the phone.
Applications are given access to the parts of the system that they need, but they're blocked from other parts of the system.
Android has a media server process, for example, that can write to the phone's display and use the sound card, but it can't access the phone's browser or Bluetooth connection.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!