Mobile security: is your smartphone a target?

How much is your smartphone at risk of malicious attacks and exploits? NetQin Mobile's Chris Stier offers his reading of the industry's tea leaves.

Exploits, vulnerabilities, threats and attacks. These are words long-associated with the PC, but only recently applied to smartphones and tablet computers.

We -- especially IT professionals -- know that these devices are really pocketable computers. But there is something different about them that makes our brains think, if only for a minute, that they're immune.

Chris Stier is NetQin Mobile's managing director for the Americas. I sat down with him to discuss how big a threat mobile security is in the enterprise and for end-users everywhere.

ZDNet: Let's get right down to it: how bad are mobile threats?

CS: The threats are definitely real. We have seen many kinds over the six years we've been in business.

We started in Asia, where smartphones were already popular. It was Symbian then, an open platform. We saw threats coming, and they have only grown as smartphones have grown in popularity. At the 30,000-foot level, if you look at where the critical mass is for security, it's the smartphone, not the PC.

Mobile browsing will outpace PC browsing in 2013. People are doing everything they did on a PC on a smartphone and more. We have over 100 million users. We have a large database of threats -- over a billion malicious URLs and hundreds of thousands of malicious applications.

And that brings me to my next point: applications are so popular now. It's one of the key ways to get into the phone. It's easy for attackers to take down an app from the Android Market, compromise it, and put it back up as a free download.

Most people don't check their [wireless] bills closely, and they're sending one, three, five, 10 messages a month. On the PC side, it's an annoyance; on the mobile phone, you're actually charged.

In June of 2010, we had 50 million users. By June of 2011 we had 103 million users. We get 300,000 users a day. The consumer awareness is there.

ZD: What makes mobile a unique challenge?

CS: The fastest growing mobile platform today is Android. Android is a very open platform. Anybody can develop an application and post it on Android Market -- it's not vetted, it's not tested. It's very different from Windows and the PC environment. It's a benefit for developers, but it's a huge exposure that you don't have on the PC.

On the PC side you're mainly exposed through accessing malicious sites or clicking on something that wasn't legitimate. On a mobile phone, you could be getting hit many different ways -- application, Bluetooth, Wi-Fi, SMS and all the other traditional forms.

The mobile phone is much more personal to use. It's a window into your life. You carry it with you all the time; it can track your location. It's a very private device.

ZD: Is awareness an issue? I know better, but I can't convince my brain that my phone is a threat, at least on a day-to-day level.

CS: Our single biggest challenge in the industry is making consumers aware of how dangerous these threats are. It's something they take for granted, because for so many years, these threats didn't exist on the phone. We've had good security on the PC for awhile, so we don't feel as threatened. Many people don't realize there are the same types of things [on phones] and even more.

In Asia -- 65 percent of our user base -- because smartphones have been awhile, they've adopted this more readily. Within 12 to 24 months it will be worldwide. And it may be offered from carriers.

I've ran into a lot of people who assume that something like this has already been installed on it. It's a false sense of security.

We don't want a cause-and-effect syndrome where people realize they need this [the hard way].

ZD: How about the enterprise? How tuned in is industry into mobile security?

CS: One of the big trends we're seeing right now is activity -- both through operators and directly with enterprises. There's definitely demand for security. They're used to paying for these types of features and they're usually early adopters.

Personal devices are quickly becoming corporate devices as well. It's a huge cost savings, people are bringing their own devices. Android is beginning to proliferate in the office. IT directors are reaching out to companies to come in and secure those devices. By securing them, I mean encryption and blacklisting and whitelisting applications and URLs. Having remote locking and wiping capability.

ZD: What keeps you up at night?

CS: Number one is driving consumer awareness. We're putting a big effort into that.

The second thing is the implementation of more mobile banking and payments -- Google Wallet and all that. You're going to have even more sensitive information on your phone. Getting ready for those threats is something we're focused on.

Third is privacy leakage. All these different sources trying to track your location and information. It's scary to think somebody could access your location and track it for marketing or harmful purposes without you even knowing. That's a scary thought, especially for your kids. The other thing is your contact list -- you don't want people to access that list.