Why A Mobile Device Operating System’s Security Model is important

: @orinthomas

Mobile phones are beginning to hold more of our lives than computers do. Mobile phone operating systems are also starting to get the sort of attention from hackers that computer operating systems do. With computer operating systems we have regular updates to deal with these vulnerabilities as they arise. This isn’t always the case with mobile phone operating systems, where vendors have a more relaxed attitude towards software updates once someone has actually purchased the phone.

It is reasonable to say that all operating systems and applications have vulnerabilities that hackers, given enough time and effort, are able to find and exploit. Operating systems that have wider market share are more likely to draw hacker attention than operating systems that have smaller market penetration. Just because an operating system isn’t widely exploited doesn’t mean that vulnerabilities don’t exist.

If you read any near future science fiction, you know that most authors are predicting that more and more of our lives will be lived through our mobile phones. In the near future phones will become our digital wallets and the holders of our digital identity. In the near future, “pwning” the phone will reap greater rewards than it does today. In the near future, compromising someone’s phone will have much the same overall effect as taking their wallet. Identity theft becomes a lot easier when someone’s e-mail, social media, and financial information is all stored on the one device!

In future, keeping your phone up to date with software updates will be as important as keeping your desktop and laptop computer up to date is today.

Just as you’d be insane to perform online commerce today with a computer running Windows XP RTM without any anti-malware protection, you’ll be insane to perform online transactions in the near future with a phone that hasn’t been updated since you purchased it from the vendor.

That’s where today’s mobile phone operating system update strategies come into play. As hackers increasingly discover and exploit mobile phone operating system vulnerabilities, it will be increasingly necessary to regularly update mobile phone operating systems to address discovered vulnerabilities.

Microsoft and Apple seem to get this, and both vendors have put in place an effective over-the-air update infrastructure. Both my Apple and Microsoft devices have had regular software updates. The same can’t be said for my Android devices. The attitude there is that if you want to update it, you need to do it yourself and that there isn’t much in the way of a vendor-driven infrastructure there to assist. My wife’s iPad was easily updated to iOS 5. I can’t say the same about updating my Mum’s Android tablet to Ice Cream Sandwich, even though they were both manufactured around the same time.

Today this isn’t a big problem as remote exploits against phones are non-existent. In the future remote exploits against phones and tablets will be common. Android vendors need to get the kinks out of the system now so that Android devices will seamlessly update in future.

