As smartphones become the target of Trojans and other attacks,I guess it would go without saying that one of the major concerns is the sensitive personal or enterprise information that can be culled and how it affects individual people and individual companies.
But a blog post at Technology Review poses another idea, one that has far greater implications. The Mim’s Bit blog pointed out:
If hackers got access to enough smart phones, they could paralyze wireless communications.
This idea came from a Research in Motion’s security executive, Scott Totzke, and a Reuter’s article reported:
In what’s known as a distributed denial of service, or a DDOS attack, criminals use phone signals to order tens of thousands [of] computers to contact a targeted site repeatedly, slowing it or eventually crashing it. Totzke said a technique involving data packets might be used to bring down a wireless network, though hackers might accomplish that using a relatively small number of smartphones.
The Mim’s blog thinks a large-scale crippling attack is unlikely, but does think that wireless service could have what would be the cell phone equivalent of a brown out:
Even if an attack of this kind never happens – fortunately it’s unlikely, given its scale and the still limited reach of smartphone viruses, trojan horses and rootkits – the growing ubiquity of smartphones, along with the sensitive information they carry, makes it likely that exploits for these phones will continue to proliferate. That could be more than just a route to identity theft – rogue software could also slow the cell phone networks in general.
To me, the Reuter’s article and the Mim’s blog reinforce the fragile nature of technology and how one well-conceived attack can bring a community, a state, or a country to the brink of disaster. We tend to think of attacks in terms of what they can do to us personally or to our place of business, and not so much what a well-place attack can do to the community at large.
The saying is all politics is local, even if the election is for federal office. Maybe that’s the way we need to think of information security. It’s all personal, and securing the personal might end up protecting the larger network.