After several years of paranoid news articles, it seems as though the age of mobile phone hacking might finally be upon us.
As smartphones took off, anti-malware companies spent the last few years warning about the potential of smart phone Trojans and viruses. Some of them have even released products designed to protect these endpoints, but aside from a few proof of concept binaries, little seems to have happened.
A few things recently suggest that the mobile phone security threat may be gaining traction.
Cisco's latest annual security survey, released yesterday, has found that criminals are investing more resources in exploits specifically targeting mobile device users. It is only a nascent trend, the company says, but it is a distinct one. Significantly, Cisco believes that we have reached a tipping point with traditional PC security. Companies are getting better at building security into PC platforms and making patches available more quickly, the report said. Look out for exploits targeting Apple and Android operating systems this year, it added.
Both iOS and Android phones are getting sophisticated enough to allow malware to do some pretty devious things. Security researchers have developed an Android Trojan called Soundminder, for example, that listens for spoken or dialed credit card numbers or PINs, performing the necessary analysis to convert them from sound recordings into text that can then be sent back to an attacker.
That may be little more than a proof of concept trojan, but other researchers have found a real one, in the wild, that is being bolted onto legitimate Android apps. It effectively converts the phone into a bot, enabling it to take remote instruction from a malicious attacker.
There is another reason why smart phones might be the next significant attack target for criminals: mobile payments. Right now, smart phones are frequently enabled for online payments in one way or another. The iPhone features an in-app payment mechanism, for example, and many applications connect to services with stored credit card information. Bump, a popular mobile application that enables two phones in the same vicinity to exchange information, publishes an API that companies like PayPal use to facilitate mobile transactions.
Large retailers are starting to get in on the act. Coffee giant Starbucks has started taking mobile payments from the iPhone in the US, via a Starbucks Card Mobile app that connects the phone to the user's Starbucks card account.
I guess it was only a matter of time. After all, modern malware writers look for sensitive information that could be sold on. Smartphones are beginning to store more of that sensitive information, and are also connecting to a greater number of sensitive online services. My bank, for example, released its online banking iPhone app recently.
But the real inflection point for mobile payments will be Near Field Communications (NFC). This radio technology, already used in payment card and ticketing systems, is being prepared for phones, and one big rumour is that it will make its way into the iPhone 5. This would effectively turn your phone into a digital wallet, able to pay for things in cash. What self-respecting cyber criminal wouldn't want a piece of that action?
But what about Microsoft? The company did its best with Windows Phone 7 in CEO Steve Ballmer's keynote, though it seems off to a slow start despite positive reviews. There were also some Windows tablets shown, but these were mostly high-end devices from the Tablet 1 era - full Windows, stylus, expensive, short battery life - devices like the Asus ASUS Eee Slate EP121. These may succeed within the same niche the Windows tablet has always occupied, but they are not a competitor to Apple's iPad, which seems to define the Tablet 2 era: small and lightweight, UI designed for touch, long battery life, apps installed from an app store. Asus also announced tablets in that category. Microsoft gave indications at its keynote that Windows 8, coming maybe in 2012, will be its Tablet 2 OS. That is a long wait; and who knows whether it will be competitive with wherever iOS and Android have got to by then?
This is not just about tablets. At CES, NVIDIA was talking up its Tegra 2 System on a Chip, which powered some of the smartphones and tablets on show at CES. I've been impressed by Tegra 2, though no doubt competitors like Qualcomm and Texas Instruments will have interesting competing packages. A point of interest though is that NVIDIA envisages mobile devices taking over from the PC as the client device for most of us, both on the move and at the desktop. You do not have to give up your keyboard, mouse and large display when at your desk. Tegra 2 supports high-res HDMI graphical output. Just dock your mobile and carry on working.
That is an image that should worry Microsoft. Even desktop computing is not safe from the growth in mobile. But how is it that long-term partners like NVIDIA and Asus are moving away from Microsoft for their mobile OS? It is hard to say who is abandoning whom. NVIDIA told me that one of its problems was that Windows Phone 7 launched with hardware tightly specified to run Qualcomm SnapDragon, while Intel VP Tom Kilroy told CNET that:
... we tried to get [Microsoft] to do a tablet OS (operating system) for a long time. Us, and others like Dell.
What could Microsoft have done? Well, with Windows Phone 7 it came up with a new mobile OS based on Windows CE, including a touch-friendly UI and an app store platform. It could have adapted that for this new generation of tablets.
I have no doubt that this was debated within Microsoft. However, despite those partner requests, the evidence is that conservative voices saying that full Windows must run everywhere won the argument. That is plausible, given that Windows and Office generate the bulk of Microsoft's profits.
While this is plausible, from outside it seems bewildering. How could it be better for Micrsoft that their partners use Android rather than an OS similar to that used in Windows Phone 7? Further, the introduction of tablets running the same OS would have given the application market for the platform a much-needed boost. All the pieces are in place: Silverlight and XNA for secure and isolated application deployment, the Zune marketplace, Visual Studio tools.
There is one angle on this that could benefit Microsoft. The market for Android tablets is not really proven, and it is possible that many of them may fail. In this scenario, manufacturers may be glad to come back to Microsoft for their 2012 line-up.
Still, while I am a bit of a tablet sceptic, I expect a bright future for Android smarthpones and look forward to the powerful Tegra 2 devices coming from the likes of LG and Motorola. Taken alongside the strong trend towards cloud computing, NVIDIA's vision of the future is a reasonable one. I don't mean that we will all be ditching our laptops next time we buy a mobile phone; but that mobile devices will gradually take on more of what we currently do on full PCs.
If that is the case, Microsoft has a serious problem, the impact of which will be felt in business computing as well as by consumers. Fumbling tablet computing, alongside its well-known failings in smartphones, could prove to be Microsoft's biggest mistake yet.
Richard III saw this as the season of his discontent, but in
2010, winter is proving to be a happy time for computer users. It sees the
launch of app stores both for Mac OS X and for Google's Chrome OS. Both have
already been announced, and Google's is already available.
The Chrome App Store brings together Internet-based applications in a way that makes it easier for people to consume them. It lists them all on a single, searchable site, and presents them in an attractive layout, similar to that found in Apple's app store for the iPad and the iPhone.
Now, Apple is doing the same. It will feature an app store in its OS X operating system bringing together applications that it approves of in a single place. This won't stop third parties from selling applications not listed in the app store, but it will make it easier for users to find and download the software that they like.
What's here for the enterprise? The concept of providing users with online catalogues of applications and online services could revolutionise the way that they interact with the IT department. Ask yourself how your users procure applications for use in their work, and how you provision them? How easy is it for users to find and access the functions that they want? How fluid is the exchange of information about those applications and how well they perform?
The combination of app stores with cloud computing environments could bring new vitality to IT in the workplace. Cloud-based companies such as Salesforce are already providing application platforms that independent software vendors can use to develop custom services using their infrastructures. These are then made available through AppExchange, its cloud-based app store, and applications can be rated by users.
It is easy to see how techniques such as these might make it possible to promote cloud computing and service-oriented architectures to line of business managers and users. If cloud-based applications and services developed by internal departments and third party partners could be displayed in this way, it would bring home the benefits of an online application infrastructure to users. It might also soften the blow when organisations pursue desktop virtualisation and find themselves trying to convince an unwilling user base.
Rudimentary versions of this concept have been pursued before. In the early 2000s, Universal Description Discovery and Integration (UDDI) gave companies a software stack that enabled them to publish centrally accessible services, based on the then-new concepts of SOAP. Today, SOAP, other forms of XML-based API, and architectures such as REST are enabling far more applications and services to integrate with each other online. The time for cloud-based app stores in the enterprise may just becoming of age.
This concept could promote the use of IT in general as a more responsible, user-oriented business function. It could, in short, make IT sexy again in the enterprise. And as CIOs strive to redefine their departments as corporate assets and strategic partners, that could be a powerful tool in the battle to win the hearts and minds of business users.