The Trouble with Mobile
I started out titling this as The Challenge With Mobile, but the thoughts that keep me awake and go bump in the night are really troubling. I wonder and worry if people even recognize this brave new, slightly dystopian, world of technology we have created for ourselves — one in which the phone is never off. An always-on and always-connected digital frontier, full of irresponsible citizens who fail to exercise their civic responsibility of minding their own perimeter defense… thus endangering my co-existence within that space. If the initial wave of personal computers joining the Web unleashed a wave of malice and destruction, you ain’t seen nothing yet.
When the world first moved from dial-up to broadband, the initial generation of users suffered every imaginable offense before the firewall appliances and the anti-malware solutions came along. That was with a smaller and slower adoption, and not everyone left their desktop turned on and plugged in. With laptops and Wi-Fi, things got worse, again, until security and Web-consciousness caught up in the form of encryption, certificates and passwords. Social taught and continues to teach the hard lessons on information privacy. Now, with this wave of mobile — covering the gamut from smartphones, to tablets, to home and lifestyle devices — the opportunity for complexity, and exploitation, has never been greater. The same platform and resources for developing fantastic and useful code may also be leveraged for previously unimaginable, versatile and powerful botnets. When was the last time you turned your phone off? When was the last time you checked the unseen software running within the smart O/S, behind a visually stunning display? Are you even able to peek behind the curtains?
Blaming the consumer culture is no help. People are lazy and will always choose ease of use over security. But that’s “regular” people — laymen who cannot tell authentication from authorization. We are not those people. As providers of this double-edged sword, we must be the diligent curators, the watchful guardians and the last line of defense against those who seek to exploit the mobile universe. Do not write crappy code. Be security conscious. Do not escalate privileges unnecessarily, and do not dip into more data than you need — avoid those temptations, because trust me, the bad guys will come knocking. Let’s not make it any easier, because the web is full of ready-to-plunder scenarios, and we’ve gone through this lesson plan, at least twice, already.