In previous entries, I have covered the rate of change in technology advances, peril of attempting to predict the future, and current trend in developments of cloud computing, data centers, and smart phones. A report by NPD says that iPhone 3G is now the best-selling smart phone (past BlackBerry’s and Palm Treo’s) and 2nd-best selling phone after Motorola Razr in US. The proliferation of new smart phones and the birth of whole new eco-system of applications developed by any programmers and available to all users present interesting security problems.
Mobile phones in general are now considered an essential item in one’s life. It’s hard to imagine what the world was like without them, not being able to connect to anyone at anytime from anywhere (even interrupting us at anytime). Most people nowadays cannot imagine what it was like before the Internet and mobile phones. Because of its portability and must-have status, the number of mobile phones vastly outnumbers any devices that connect to the Internet.
I can’t say for any other countries, but in US, smart phones are absolutely necessary in business because of its ability to access corporate emails and calendar. In fact, they are two major functions why millions of business users buy smart phones, which have become mandatory communications device for business users.
In addition to the vast volume of general mobile phones, smart phones are becoming more and more like small computers. With wide variety of applications available to download and install, new smart phone users enjoy the same freedom of choosing whichever application they’d like to use as those desktop users. As a rule of thumb, the technology advancement will continue and they may become as powerful as some laptops, as today’s laptops are as fast and powerful as desktop. It’s inevitable and just matter of time.
So, if you think about billions of laptop-like mobile devices with wide variety of Internet applications, any security professional will cringe. Infecting mobile devices with malicious code could result in devastating results. All the personal information stored on the laptop including address book and emails could be leaked. Someone could also tap into user’s location information through GPS and keep tracking the user for criminal purpose. Since they will become as powerful as some laptops, it’s entirely conceivable that some sort of P2P applications (good or bad) might be developed for mobile phones. As more advanced botnet uses encrypted P2P network rather than traditional IRC channels, the mobile botnet can be certainly created with P2P network as well.
Apple keeps tight control over applications developed for iPhone, but when the number of applications is increasing faster and faster, they won’t be able to keep the full control. However, restriction and control are not the answer. They will only limit innovations and may even kill the very technology and/or product it is trying to protect. Internet was able to flourish because it was open. While there are some parasites, the benefits of openness vastly outweigh negatives. There are numerous cases when open system/architecture triumphed over closed counterpart. Open system encourages competition, which in turn fosters innovations in the market. Then, how does one make money in such environment? It may not be easy, but it’s possible. Good example is Cisco. Most Cisco products are based on open standards, yet they command highest market share in most markets. Worse yet, they do not build the best or the fastest products in the industry. Slightly different, but similarly, Apple was able to come in to crowded MP3 player market and dominate in short period of time. There is no secret to make a MP3 player, as you can see in high number of MP3 manufacturers. How did Apple do it? Is it because it looks beautiful? Americans are quite practical folks. Knowledge of America might be limited to what they see on TV or movies for some, but most Americans are definitely not frivolous. It wasn’t because of its looks. Then, how did Apple succeed?
In marketing there is a concept of “Whole Product.” It’s not enough to win in the market with just main product. In order to complete user’s experience, you have to consider what user would go through from before the purchase to what afterwards. Apple iPod was successful because of iTune software and iTune store. In order to complete MP3 experience, a user would have to find a way to manage his music collection and a way to add more songs (either by ripping a CD or buying online). iTune software and store completed that, and they worked flawlessly with iPod. How about Cisco? Cisco’s “Whole Product” is Cisco product plus millions of professional service and technical support professionals either from Cisco or 3rd-party vendors. Cisco made it legitimate with its certification program so that their customers, if chose to seek outside help, can find quality professionals by checking their certificates. It’s this auxiliary knowledge base that is keeping Cisco in the top place. Because they are market leaders and have most customers, their position is reinforced by many other companies that build and offer additional auxiliary items/accessories and service for them such as cases, boom boxes, adapters for iPod or training centers, system/network integrators for Cisco.
So which way is right for mobile security? It’s a million dollar question, and also where incredibly attractive opportunity could be.