Mobile phone security threats used to be mocked by everyone outside of vendors with mobile antivirus software to sell. That has changed, and how. The online media headlines have been full to bursting with reports that 'mobile malware' had grown by a staggering 273 percent in the first half of 2011 when compared to the same period for the year before. But can that be true? The answer, it would seem, is no. It's actually much, much worse. Maybe.
The news broke on the back of a report from German-based security software specialists G Data which issued a press release detailing that 273 percent figure. But according to a sharp-eyed reporter for Mobile Europe all is not quite as it seems. While the press release highlighted précis of the report, which is what most news outlets appear to have looked at and used to produce not only their headlines but also the meat of the story, states that mobile malware overall had risen by 273 percent the actual report shows that this figure relates to the share of the overall malware market represented by mobile platforms.
As the Mobile Europe reporter states, taking the sequential half year numbers quoted in the G Data report: "mobile malware has increased around 1,400 percent from 55 to 803 detected threats". So why the 'maybe' in my opening paragraph? Well, simply put, although the 1,400 percent rise figure looks really very scary indeed on paper, out here in the real world of cyber-crime the impact of mobile malware remains fairly low. Taken as a share of the overall malware threat landscape, mobile malware accounts for just 0.1 percent and that's after the 1,400 percent rise!
David Harley, senior research fellow at another security software vendor, ESET, still thinks mobile users should be worried though. "The idea of a single device as a single storage repository has given way to a much more distributed model" he says, concluding "your data reside in the cloud and mobile devices are as much a form of handheld smart terminal as application servers in their own right. Think of your phone as a key to your data-safe, not just as a phone with games and a bit of web browsing, and you'll realise you need to secure both the safe and the key". When the bad guys discover how to monetise the ability to infect those smart-terminals with malware, then I would imagine that 1,400 percent figure will seem on the low side as one thing in this whole mis-reported mess can be read as gospel: cyber-criminals will surely follow the money...