I’ve written many times about the need for better smartphone security. I thought the lax security measures were largely because it was new technology and mobile devices weren’t a target yet.
I might be wrong. A new survey from Mocana, a company that focuses on smart-device security, found that engineers lack corporate support to improve security measures. In its Summer 2011 Device Security Survey, Mocana surveyed approximately 800 mobile device software and hardware engineers. Only 39 percent said they have “good access to embedded security expertise when they need it.” Twenty-five percent said that security problems in their devices haven’t been revealed to the public.
An article on the San Francisco Chronicle website said the following:
Smart devices have experienced tremendous growth in recent years as new technology advancements have made it possible for people and things to be connected to each other virtually everywhere. Unfortunately, investment in security hasn’t kept up with that in the devices themselves; consequently, many are unprotected against even the most basic threats.
Okay, I can understand security lagging behind technology at this point. But a quarter of companies are hiding security flaws from potential customers? That’s disturbing.
On the plus side, the vast majority of the engineers believed that any security problems found before distribution are fixed before heading to store shelves. However, the majority also think that their companies aren’t spending enough time and resources on making sure the devices are secure. It makes me wonder how many devices have unknowingly been sent to market with security flaws intact.
I personally didn’t have any warm fuzzy feelings toward the device corporations after reading about this survey. My takeaway is that individual owners and IT security departments need to make sure that the devices have good security applications downloaded. We can’t trust that our phone has the capabilities for top security.