Posted by: Robert Westervelt
iPhone security, mobile malware, smartphone attacks
Despite being one of the hottest smartphones on the market, Apple iPhone 3G represents only 4% of devices in the United States.
The popularity of smartphones from Apple’s super hot iPhone to Android and even BlackBerry devices have some security pros predicting a smartphone apocalypse. But new figures released this week by Nielsen Media Research reveals a highly fragmented U.S. mobile market with literally hundreds of different kinds of handsets. It may mean that malware authors could have a very difficult time gaining a foothold deep enough in the mobile market to make it lucrative.
With all of the iPhone popularity, Nielsen found the Apple 3G iPhone making up only 4% of the subscriber base. In a Nielsen chart outlining the Top 10 mobile phones in use in the United States, Research In Motion’s (RIM) BlackBerry shows up three times, but still only manages to make up about 6% of the subscriber base.
The issue, according to experts I’ve talked to, is that people tend to hold on to their cell phones for as long as possible or at a minimum until the end of their two year contract with their cellular service provider. In addition to 3G iPhones and BlackBerrys, the top 10 list reveals a smattering of Motorola phones. Samsung and LG phones took four spots on the list.
So, you say it doesn’t matter the kind of phone a person is using, it’s the underlying operating system. We’ll I turned to marketshare figures provided by Gartner showing Apple’s iPhone firmware skyrocketing. What does that mean? Well, it’s popularity has earned it about a 17% marketshare worldwide. Even the most popular OS – known for being targeted by phishing attacks via texting – Symbian – earns its place at about 50% of the worldwide market. RIM’s BlackBerry software platform, which is mainly popular in many enterprises, makes up about 20% of the global market, according to Gartner’s marketshare figures.
This leads me to think the fear and loathing we hear about 2010 being the year of smartphone malware may be overstated. If there’s anything I’ve learned in the relatively short time I’ve been covering the security industry, it’s that malware authors have shown throughout history they will always pick the low hanging fruit. It doesn’t take a lot of effort and there’s still a rather big payoff. A fragmented mobile phone market, further complicated with different cellular providers and different systems from country to country, may shelter smartphones from being actively targeted.
That’s not to say we shouldn’t keep an eye on the market. Security researchers should continue to turn their attention to the rising use of smartphones and the more powerful the memory and processors being packed into the tiny devices. SRI International released an analysis this week of the iPhone botnet created by the iKee worm, which targeted jailbroken iphones in November.
In fact, the SRI researchers make a good case for the importance of the research:
Although the iKee.B botnet discussed here admittedly offers a rather limited growth potential, iKee.B nevertheless provides an interesting proof of concept that much of the functionality we have grown to expect from PC-based botnets can be easily migrated into a light-weight smartphone application. … While it is unclear just how well prepared smartphone users are to this new reality, it is clear that malware developers are preparing for this new reality right now.
There’s no excuse for not being prepared.