Tuesday, 10 April 2012

The Most Secure SmartPhone?

Alana Maurushat and David Frew

With each new technological development or release of a new product comes the often-not-thought-about question, “Is this technology secure?” Most of us are quick to notice the price then we dive straight into the fascinating world of “what new things does my new gadget do?” Companies rush to deliver products jam packed with applications and attributes in order to meet the Christmas rush. Security, while part of the process, does not play a significant role in hardware and software development. This begs the question, which smartphone is the most secure?

This is an easy question to answer – whatever smartphone has the least amount of market share. Why? Criminals are drawn to technologies with maximum customers. The black market exploits and targets the companies who dominate the market. Market research by the NPD Group, Inc. suggests that Microsoft smartphone operating system has the smallest share, accounting for 2% of smartphone sales since launch. Apple’s iPhone follows at 29% of the market with Google’s Android leading the market with 53% of the total market. Microsoft is the safest smartphone – in attracting the least attention of the black market – because it is the least popular.

Malicious applications are developing quickly to take advantage of the smartphone market. There are some security features of both the iPhone and Android that are worth considering. iPhone “apps” downloaded from the App Store must first be vetted by the Apple security team; though this process is by no means foolproof. Android, on the other hand, does not vet any of its apps, only removing insecure and malicious apps once they are discovered. This does not, however, mean that the iPhone as a base product is necessarily safer than the Android.

Most smartphones run on a 3G or 4G system. These systems were designed with some security in mind. The typical 3G network allows for User Equiptment (UE) to ensure the connection is to an intended network rather than an impersonator. There is also the use of a block cipher to ensure encryption of data. In most Australian cities there is excellent 3G and increasingly 4G coverage. In more remote areas, however, there is only 2G coverage. The 2G coverage is extremely insecure as it was not developed with any security mechanisms in place. This makes any smartphone running on a 2G network susceptible to message interception and all sorts of cybercrime. Most smartphones automatically will look for 2G coverage when no 3G or 4G is available. The Android allows the user to set its default so that it will not connect to 2G coverage if a 3G or 4G network is unavailable. The iPhone does not offer this setting. Thus the user cannot instruct an iPhone not to switch to 2G coverage which, in turn, may expose iPhone users to cybercrime.

In recent times, there has also been attention paid to the efforts of a variety of security experts in exposing alternative vulnerabilities of the Android system, though it would also be possible to exploid such vulnerabilities on Apple’s iOS. Though the Android security breach was extremely expensive (US$15,000 in software and development) it also relied upon the complete trust and lack of awareness of the greater smartphone-using population. Whilst Apple, Google and Microsoft will do everything in their power to protect their smartphones from unauthorised access, there is little they can do to prevent users from personally authorising malware. Ironically, this method of breach is both the most potent and the easiest to prevent as it simply involves educating users to be savvy when links are sent their phones via text, particularly from unrecognised numbers.

The jury is hung: both the iPhone and Android command control of the smartphone market and both have features which allow, if not altogether encourage, cybercrime. So if safety is your ultimate concern, head for the Microsoft smartphone.

Image by William Hook, made available by Creative Commons licence via Flickr.

No comments:

Post a Comment