In early 2009, Citigroup launched a new mobile banking application for the iPhone. It let customers check their account balances and pay bills while on the go. Thanks to a bit of sloppy code, it also could have let hackers access the banking information for 118,000 customers who downloaded the app.
This story has a happy ending—Citi discovered the security flaw in June, before hackers could exploit it, and the bank says no customer lost money. However, experts say hackers may be quicker to exploit shoddy coding the next time around. "The bad guys follow the money," says Charlie Miller, principal analyst at Independent Security Evaluators, a consultancy based in Baltimore. "Criminals are going to start focusing on phones."
The number of attacks is still low. Although security experts discover hundreds of new strains of malicious code targeted at PCs every day, they've detected only 67 directed at smartphones in all of 2010, says Sean Sullivan, security adviser for the North American labs of F-Secure, a Finnish security software developer. Still, that's nearly double last year's total, and mobile devices become a larger target all the time. Morgan Stanley analyst Mary Meeker predicts that smartphones will outsell laptops and netbooks this year and will eclipse sales of all PCs, including desktops, by 2012.
That means more potential victims of malware—as in malicious software—and more customers for the security companies that protect against it. Jeff Wilson, a principal analyst at consultancy Infonetics Research, expects global revenues from smartphone security software to rise from $219 million last year to nearly $1.4 billion by 2013. Securing a foothold in the growing mobile security market was a key motivation behind chipmaker Intel's $7.7 billion purchase of McAfee in August and Juniper Networks' $70 million acquisition of SMobile Systems one month prior.
Much of the security companies' attention will likely be focused on Google's Android software. It's the fastest-growing mobile operating system, and may also be the most vulnerable to hackers, says David Goldschlag, vice-president for mobile at McAfee. Unlike Apple , which vets applications before allowing users to download them to their iPhones, Google doesn't check the apps posted to its Android Market, says Miller. (Google didn't return repeated requests for comment.)