Hackers like to go where they can cause the most pain. As 3G rolls out in the US, you can bet that hackers will go there as well. There was a great article last Friday in the New York Times about viruses and other security issues on cellphones and hand-held devices in Japan (free site, but registration required). It is clear that we should look at how Japan is dealing with this issue, as their wireless infrastructure is much more advanced than ours at this point. At the same time, it seems that not many people in the US are dealing with the issue now. Having suffered attacks in the past, NTT DoCoMo has gotten proactive and put security software not only on its servers but also on its handsets. We should learn from this and prepare our infrastructure accordingly. Spam is not the major problem on these devices; think viruses that can jam the 911 emergency response system or denial-of-service attacks that can bring a wireless network down. What happens when we live in an even more embedded world where chips in cars, appliances, etc. begin talking to a wireless network and become infected with a virus?
Many of the companies that I have seen that focus on wireless security are looking at the client or handheld device level. This is the approach that companies like Network Associates and Symantec are taking with handhelds. While I applaud the effort to protect our devices, I do not believe that putting antivirus software on every handheld device is the right solution:
1. Installing antivirus software on every device is not an easy task to manage;
2. While it is much easier to constantly update virus definitions on connected devices, this will increasingly eat up precious memory and computing cycles on your device.
What is needed is smart security on the edge. This will require software that can sit on the network/server layer and inspect, in real time, every message being sent from one device to another. It is not easy to sit inline and inspect every message without creating latency. In addition, the software will have to be able to prevent unknown attacks through behavioral analysis and not rely solely on signatures to prevent nefarious activity. This will lessen the need to constantly update every handheld and chew up precious memory and power, and it will give users an easy way to use their connected devices without headaches.
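To make the idea of network-side behavioral inspection concrete, here is an added sketch (not from the article or from any vendor's product) of a gateway check that blocks a handset once it sends the same payload to an unusual number of distinct recipients, with an empty signature list. The class name, thresholds, device names and traffic are all constructed assumptions.

```python
from collections import defaultdict, deque
import hashlib

WINDOW_SECONDS = 60   # assumed sliding window
MAX_FANOUT = 5        # assumed limit: distinct recipients of one payload per window
KNOWN_BAD = set()     # signature list, deliberately empty: the payload is "unknown"

class EdgeInspector:
    """Hypothetical inline check run at the messaging gateway, not on the handset."""

    def __init__(self):
        # (sender, payload digest) -> deque of (timestamp, recipient), oldest first
        self.recent = defaultdict(deque)
        self.quarantined = set()

    def inspect(self, ts, sender, recipient, payload):
        """Return 'deliver' or 'block' for one message; amortized O(1) queue work."""
        if sender in self.quarantined:
            return "block"
        digest = hashlib.sha256(payload).hexdigest()
        if digest in KNOWN_BAD:                      # signature path, still useful
            return "block"
        window = self.recent[(sender, digest)]
        window.append((ts, recipient))
        while window[0][0] <= ts - WINDOW_SECONDS:   # expire entries outside window
            window.popleft()
        fanout = len({rcpt for _, rcpt in window})
        if fanout > MAX_FANOUT:                      # behavioral path: worm-like spread
            self.quarantined.add(sender)
            return "block"
        return "deliver"

def run_sample():
    """Replay constructed traffic through the inspector and collect verdicts."""
    gw = EdgeInspector()
    verdicts = []
    # Constructed normal use: one user messaging one contact every 30 seconds.
    for i in range(3):
        verdicts.append(gw.inspect(i * 30, "handset-a", "handset-b",
                                   b"running late %d" % i))
    # Constructed infected handset: identical payload to 8 contacts in 8 seconds.
    for i in range(8):
        verdicts.append(gw.inspect(100 + i, "handset-x", "contact-%d" % i,
                                   b"open this attachment"))
    return verdicts, gw.quarantined

if __name__ == "__main__":
    print(run_sample())
```

The first five copies are delivered before the threshold trips, which is the usual trade-off between false positives and containment when tuning a behavioral limit.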