Smartphones Withstood Attacks At Hacker ContestSmartphones Withstood Attacks At Hacker Contest

There was a three-day Pwn2Own contest in Vancouver where, according to this CNN Money article, contestants were offered $10,000 and some free cell phones if they could hack one of the mobile platforms at the contest. All five platforms withstood the assault.The five platforms were the Apple iPhone, Google's Android, Microsoft's Windows Mobile, RIM's BlackBerry, and Nokia's Symbian OS. The mobile platform makers shouldn't rest on their laurels, though. There was a security firm that presented at the conference and it "demonstrated how to crack into the iPhone, Google Android and Windows Mobile devices using something called a simulated stack overflow vulnerability." They may be difficult to hack, but not impossible. Nothing with a computer chip is invulnerable.

Hacks for desktop platforms, most notably Windows, aren't likely to work on smartphones, even Windows Mobile. First of all, the operating systems like that in the iPhone and WinMo are different enough from their OS X and Windows desktop counterparts, respectively, that apps written for the desktops won't work on the mobile phone, and that means neither will malware. Second, even if there are some shared APIs, mobile phones don't use Intel x86 instructions. As it so happens, all five platforms use chips based on the ARM architecture. Apps would have to be recompiled to even have a prayer of a chance of working. The same applies to Android, which is based on Linux. Third, platforms like the BlackBerry and Symbian don't have desktop counterparts, so anything aimed at them would likely have to be written from the ground up.

Mobile phones do tend to be online as much or more than desktops, but unlike desktops, they aren't as willing, or even able, to join local networks or share files, which helps mitigate their vulnerability to attacks. Even though I know the IP address of my phone, I am unable to ping it from my PC, and a tracert dies after just 3 hops, getting nowhere close to the network that my phone is on.

All of this is to say, your phone is relatively secure, probably more so than your desktop. I don't run any security software on my phone. Their battery life isn't great and processing power and RAM always seem to be just short of where you'd like them to be. Having something as big as an antivirus or security app would only slow the device further and shorten the battery life.

Where you do have to be careful is from social engineering hacks. If I write a malicious app for your phone and can trick you into installing or running it, then I own your device and your data. One of the benefits to these application stores being opened by the various platform makers is that while there is no guarantee the app is any good, there should be no risk of malicious software infecting your phone.

I am sure hacking contests will continue and there will be some that will expend a lot of personal time into hacking cell phones. For now, just be alert and don't install or launch anything unless you know exactly what it does.