According to a recent survey conducted by AVG Technologies, a global consumer security software provider, and the Ponemon Institute, an independent research group, many smart phone users are complacent about the security risks that exist from using these mobile devices. Computer science professor Guevara Noubir, an expert in wireless security, analyzes this finding and assesses the potential risks that stem from using smart phones.
Do you agree that Americans are lax in their mobile phone security?
My feeling is that a portion of the population is lax, not everyone. People might download hundreds of applications to iPhones or Android phones, and I think some people aren’t careful enough about it. But the risks will keep increasing as phones become more ubiquitous and more sophisticated applications emerge, and because phones are with us all the time and we tend to trust them.
What are the greatest risks for cell phone users when it comes to security threats?
One potential threat relates to the fact that people carry mobile phones with them all the time, so their location can be tracked. Some applications people use, such as apps that enable them to access their bank accounts, could be damaging if that information is compromised.
These threats are related to many other aspects, including the fact that some of the protocols behind Wi-Fi and connectivity still have security issues. Others are related to the specific user. Many apps will ask you to accept its terms, which could include sharing the user’s location. Many people don’t read these terms and just click, “Yes.”
A couple of weeks ago, several applications were taken off the Android market because they included malware — meaning someone repackaged them to include harmful software that reports user information.
Has mobile phone security software kept pace with the cell phone technology, and how do you see this trend continuing in the future?
I think smart phone security is still just emerging, because cell phone technology has evolved so quickly over the last few years. Manufacturers put security mechanisms in their systems that are quite good, but beyond that, many threats haven’t been realized yet. We haven’t heard about a really large number of people being compromised, so if and when that happens, we’ll see more work done to solve these problems. I think most people now are ignoring it because there is no imminent threat. It’s hard to predict future threats, but overall, I feel if people are careful about what applications they install, their threat level is reasonable.