In order to properly understand the mobile malware threat, it is not sufficient to understand platform particulars (such as limitations of battery power and computing power) or to understand software, hardware and firmware approaches designed to complicate corruption of devices. It is also important to understand the motivations of the malware authors.
At the same time as we benefit from understanding attackers, we also benefit from seeing the problem from the perspective of the potential victim. Since mobile devices are commonly always on and many types of malware depend on a user action (such as accessing an email), we can conclude that this change of access patterns has the potential of substantially increasing the propagation rate, including during the normally very slow ramp-up phase.
Having created a clear understanding of the threat, and its likely future trends, we are ready to consider what features need protection. By breaking free from the traditional expectation of defending against malware and instead considering the rational motivations of typical fraudsters, we can identify what routines and information repositories are most likely to be targeted by malware and focus our attention on how to improve our protection of these.
Another objective of relevance is to consider ways to align control to the access of such critical resources with liability -- in other words, to allow relying parties to make security assessments of devices before granting access to resources they control. If done successfully, it will reduce the need for typical consumers to take control of the security of their devices -- a very important goal to reach given that typical consumers are not good judges of what constitutes safe behavior.
↧