Android is the mobile phone operating system developed by Google.
According to Cannings, speaking at the Usenix Security Symposium in Montreal this week, hackers can already hit millions of victims with a smartphone attack.
And, predicted the Android security specialist, soon that number will be even larger.
The Android mobile operating system runs under a Linux kernel and, after being initially developed in 2007 by Google, the OS has been adopted by the Open Handset Alliance (OHA), a consortium of 48 hardware, software, and telecoms firms.
Since Google has released most of the Android code under the Apache License, a free-software and open source license, the number of mobile handset vendors releasing devices supporting the OS is expected to rise substantially in the next 12 months.
Canning's comments are in direct contrast to those of Mikko Hypponen, F-Secure's chief research officer, who told the New York Times earlier this week that the likelihood of getting hit by mobile malware is almost non-existent.
According to Hypponen, whose company writes software to detect and remove viruses from desktop and mobile devices, F-Secure's research team has discovered just 490 mobile viruses in the last five years.
In that same period, he told the paper, more than two million viruses were found for Windows computers.
Those few mobile attacks were noteworthy for the fact that they were so, well, 'juvenile', he said.
"They didn't involve hacking for financial or personal data. They were done by hobbyists and were stupid attacks to leave funny displays", he added.
Comments
SunbeltSoftware says:
19 August 2009
There are virtually no real smartphone threats out there at present, and if approached correctly there is no reason for it to become a big problem in future.
The threat of smartphone malware was predicted over and over again when the first smartphone handsets came out. It was also predicted when the first iPhone was released and again when Apple launched its App Store.
Vendors such as Apple have learned very quickly that you shouldn’t allow anything to install and run on your phone without a recognised certificate. Apple is practicing this very successfully in the form of its walled garden app store, testing and certification process. If you create a binary for the iPhone you simply can’t upload and run that on your own iPhone or anyone elses. As a user, you simply can’t go and install software from just anywhere, you have to get it from Apple’s store where everything has been pre-screened for embedded malware threats.
However, smartphone platforms that allow users to install applications from untrusted sources do run the risk of issues, if not from malware but simply from poor coding that can destabilise an otherwise reliable handheld device. RIM’s BlackBerry devices run this risk, as users can download applications from anywhere, not just RIM’s app store. The same applies to Google Android devices, anything Windows Mobile-based and other platforms such as Symbian.
Until these platforms tighten up their third-party application processes, the risk remains. But it is just that – a risk – one that has so far failed to manifest itself as an actual threat.
Michael St. Neitzel
Vice President Threat Research & Technologies
Sunbelt Software
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.