Please share your comments; critics make life meaningful!

Monday, February 14, 2011

Mobile Malware: Is India Ready?

Q - Mobile Malware (MM) - How ready are Indian Enterprises to deal with them and why do you think so?


Ans - There is good awareness within the security community on delivery mechanisms of MM such as SMS, MMS, WAP push, GPRS, Mobile as Data Card etc. However, due to the large user base and in the absence of general user awareness on security, the instances of infections in India due to MM delivered on user handsets, and further communicated to user desktops/laptops and further to enterprise networks, is deemed to be very high.

However, enterprises do not perceive infections to be a major source of threat or a significant risk. This is because, on one hand management understanding on the subject is feeble, and on the other hand, the security community does not distinguish between MM and other malware while trying to deal with them primarily because they do not have any wherewithal to do the same. For example, a notable telecom fraud called PRS Fraud (Premium Rate Service) saps established operators of substantial revenues but operators have no inkling of what % of PRS frauds are caused by MM.

Moreover, there is no worthwhile research in industry and academia on MM or other related mobile security issues which can shed light on attacker patterns, preferred delivery channels, susceptible target groups, infection patterns, and post-infection prognosis. The trend is likely to remain the same unless there is demonstrable RoI from investing on such security research and deploying such security platforms.