Do you think the threats to any particular mobile device will outweigh the threats to others this year? Is there any particular device you see as being most vulnerable? Are there any mobile threat vectors you see as particularly insidious (e.g., mobile banking)?
The most serious threat vectors (and the most obvious) will likely affect applications or mobile device vulnerabilities used in financial transactions, because attackers can most easily monetize these attacks. Since the diversity of the hardware and software of smartphone platforms makes attacking them more difficult than targeting desktop systems, and the number of smartphones used for financial transactions is still small, the risk to the general user is still relatively low. For targeted attacks, however, the risk of infection is higher for general users, since security awareness concerning smartphones tends to be low.
Also, security researchers will continue to identify vulnerabilities. Researchers at Fraunhofer Institute of Secure Information Technology recently identified ways to bypass the iPhone PIN (.pdf), which could expose any data stored or password saved on the device. This essentially means an iPhone PIN can only protect against the most casual of attackers. Android security research continues to improve and identify more complex vulnerabilities. The threats to the different devices are also heavily dependent on their management by the vendors, their application distribution stores and any potential management by enterprises.
This was first published in August 2011