/v3-uk/news/1998310/summit-experts-warn-mobile-botnet-threat
10 Nov 2009, Phil Muncaster, V3
Mobile malware could reach critical mass in as little as two years' time, with the potential for mobile botnets and denial-of-service attacks to cause widespread disruption for firms, according to Research in Motion's (RIM) head of global security.
Scott Totzke, who is charged with anticipating online threats and ensuring the security of RIM's range of popular BlackBerry devices, argued that hitherto the smartphone market has not been a big enough target for malware writers to bother with, while the proliferation of different operating systems also made spreading attacks over a wide area more difficult.
"The economies of scale are already there for the malware writers, but only in the past couple of years has the smartphone platform become so robust and powerful and got any type of market penetration," he told V3.co.uk at its inaugural summit event.
"Two to three years down the road we will see more critical mass and a few very targeted applications leading to the information leakage of customer data."
He predicted that hackers would not only look to steal personal information such as credit card details from individuals, but also "exploit the trust that exists between a handset and network provider, or enterprise network".
"Ten thousand infected devices on an infected carrier's service could cause a denial-of-service outage," he warned.
Totzke explained that to mitigate such risks it is important that IT has as granular control as possible over what is allowed to run on staff devices.
Dave Rand, chief technology officer at security vendor Trend Micro, also predicted that handheld devices would increasingly become targets for hackers as organisations employ them as primary information stores.
"How do you secure and protect that information though? The only way I can think of is to encrypt that data so it is unusable by third parties," he added.
Howard Schmidt, president of the Information Security Forum and former White House cyber security advisor, argued that IT administrators need to think about how to wipe data or locate a device if it is lost or stolen, and also have some way of vetting the applications being loaded onto those devices to ensure there are no vulnerabilities.
"We need to pay more attention to this and work with the vendors and application developers to ensure we don’t end up with the situation we got with the PC," he added.