The threat that specially written worms, viruses and other forms of malware could attack mobile phones is significant enough that protection for smartphones could become a whole new revenue stream for security service providers, according to a new analyst report.
There have been close to thirty different kinds of attacks on various types of mobile device during the past two years, according to a report from ABI Research.
Right now Sprint provides the only security service specifically designed for mobile phones, but the market for that protection could rise to more than $500 million by 2011, the report predicts.
If a market for cell phone security does develop -- at least in the near term -- it won't be because of malware, according to Zeus Kerravala, an analyst who specializes in networking infrastructure management for the Yankee Group in Boston.
"Malware, as a threat, is overrated," Kerravala said. "It can be a big thing in Finland and Sweden and other parts of Europe. But over here more people lose data by losing the phone than by having it infected."
The real risk is in having executives carry important information on cell phones that have no encryption or access control built in, and then losing them, or leaving them and the data they carry unprotected. Any effective mobile security provider would design and implement effective data and asset controls before thinking much about malware, he said.
The ABI report does say mobile malware is much more common in Europe than the U.S.; but it also predicts that growth in smartphone use and the volume of data sent over cellular networks in the U.S. over the next two years will create a tempting base of targets for malware writers, and a significant need for added security.
Mobile device security products are available from F-Secure, Adaptive Mobile and Bluefire Security, as well as Trend Micro, McAfee, Symantec and VeriSign. But cellular carriers stand to benefit most directly from security risks, by offering security that could reduce churn and generate new services for existing customers, the report said.
"Before we start worrying about malware on mobile phones, it would be better to know where are the mobile phones we have out there already," Kerravala said. "How many companies have the ability to send a 'kill' order to a cell phone that's lost so they won't lose the data, too? Not many."