According to Cell-news.com, in 2007 over 850,000 Brits flushed their cell phones down the toilet. I’m sorry to report that there isn’t much a security vendor can do to help you if you flush your cell phone.

ESET recently commissioned a study of smart phone users concerning mobile security. The results are interesting. A little more than 1,000 people were polled and we found that 35% reported using an iPhone.  Another 32% reported using a Blackberry.  Currently Android devices are at about 5%, but expect that to grow pretty dramatically in the near future.

Since the iPhone is so popular, let’s start with a few iPhone statistics.  How safely are people using their iPhones? We found that about 55% of iPhone users do not lock their iPhone.  Given the fact that many people access social networking sites with their iPhones, losing an unlocked iPhone can be a real problem and potentially lead to identity theft. Note, I am not talking about a SIM unlock which allows you to use the phone on different cellular networks. Of note, about 55% of blackberry users do lock their devices. When we look at all other device users except iPhone and Blackberry 60% of users are not locking their smartphones.

The survey reported that 24% of iPhone users are using MobileMe to back up their iPhone.  This doesn’t mean they back up as often as they should or that other programs are not used, but smartphones are often lost or stolen. It makes a lot of sense to back up the data, but then we see the same problems with laptops.

There are a couple of interesting statistics concerning mobile malware. 39% of the users report that they are concerned with malicious software infecting their device, and 25% report that they are using antivirus software on their mobile device. One important consideration, none of the iPhone users should have reported that they are using antivirus as Apple will not approve such software for the iPhone, even though Apple has had to pull spyware off of their app store. Still, 41% of iPhone users reported being concerned about mobile malware and 1 in four iPhone users reported that they are running mobile antivirus! These users may be confusing anti-phishing software with antivirus.

Nearly 70% of smart phone users reported that they do not encrypt the passwords on their devices. This does not bode well as these devices are already lost quite commonly and malicious software can steal data. While it is true that malicious software could capture the passwords as they are entered at various sites, it is not a reason to give up all of the passwords at once.

43% of users reported installing applications that were not created by the device manufacturer or service provider. Some of these applications are no doubt relatively trustworthy, but mobile devices are following the path of the PC and installing random software is risky and will become an increasing security and privacy problem.

24% users are making purchases using their smart phones and 31% are accessing banking websites or applications and this, combined with access to email and social networking accounts is what makes the devices attractive to hackers and other criminals. For a few years I have said that it is not homogenous environment that is required for mobile malware, it is the adoption of commerce that will create the irresistible opportunity for those with malicious intent.

It is clear that there are still security lessons to be learned. Defense in depth applies as much to smartphones as it does to computers, yet only 47% of the users who do lock their smart phones also report encrypting their passwords on these devices. Only 11% of all smartphone users report that they lock their device, encrypt their passwords, are concerned about mobile malware, and use mobile antivirus. In reality, it is closer to 5% who may have been doing all of this as there is no antivirus for the iPhone and half of that 11% who reported doing all of these things where iPhone owners.

Randy Abrams

Director of Technical Education