There will be an interesting intersection between open mobile platforms and network/information security looming in the not-too-distant horizon. In particular, security engineers and architects, threat analysts, or general enthusiasts for network and information security have a lot on their plates today on the vulnerability of compute endpoint devices and their subsequent infection with malware that have the potential of creating huge botnets fueling the “snowball effect” of malware propagation and disruption to networks.
Now with the advent of mobile platforms and last years craze on “who’s more open then who” in terms of the mobile OS platforms, this starts to illustrate the next major inflection point of potential for vulnerable endpoints, their sheer magnitude, and botnets like the Internet has never seen. Let’s look at the numbers. Gartner, IDC and other analysts have forecasted on the order of 100-120 Million new PCs to be sold in 2009. This is mostly laptops with a growing number of netbooks sprinkled in there. ALL of the laptops and netbooks will be equipped with WiFi, likely Bluetooth, and an increasing percentage of 3G mobile broadband. OK, so that is certainly a decent target addressable market (TAM) to go off and provide a security solution for any technology vendor.
But the REAL numbers are in the forecasts for mobile devices…on the order of 1.3-1.4 Billion new devices sold just in 2009! So PCs are just a rounding error when you compare that with new cellular mobile devices. And forecasts for smartphones vary greatly, anywhere from 15-20% in 2009 with a trend towards 25-30% by 2012. These smartphones are small compute devices generally with open OS’s, multinetwork connectivity (3G, 2G, WiFi, Bluetooth), and are Always Connected.
We are increasingly using our mobile handsets for what previously was done only on a laptop or PC. We check and write emails, update our Facebook, visit numerous other social networking sites, perform searches for all sorts of things from restaurants to doing research, take pictures and post them to some of the same social networking sites, read RSS or blogs, download files to do what I refer to as “mobile snacking” of the content (scan through a document or Powerpoint pitch for a quick read). Would a security architect or analyst agree that every single one of these actions on a PC would be considered at threatening, hence the need for malware, content, connectivity protection? You bet! And yet these handheld devices and the networks they connect to have generally ZERO protection from the threats!!
So how interesting would a botnet size of rather than 1, 5, or 10 Million endpoints but 10, 50, or 100 Million endpoints be to a malicious code writer or some aggressive government elsewhere in the world looking to put another chink in the economic armor of the US? I don’t know…you do the math.