Smart phones carry a bad reputation about security, in particular with regards to corporations. If you consider your CEO’s contacts and appointments sensitive, they often hold very sensitive information. Their bad reputation is also deserved by the fact that they are based on platforms that are famous for their viruses or other bugs. And even if I think that viruses don’t spread easily on phones because of fragmentation, it seems that viruses are becoming more targeted, and some smartphones would make nice individual targets, if their owners are worth it.
Some guys in Berkeley just had the ultimate bad idea: Use an iPhone to control planes (and weapons). I don’t need to insist why this is bad: standard “civilian” device, proprietary uncontrolled software, connected on an open network, and plenty more bad features. Of course, such an application won’t become real in the military any time soon, and this is obvious for many people. It should be just as obvious that this is bad for a lot of other uses, including the ones we know today (contacts and appointments) and the ones we are defining now (anything with NFC and money). We need to do some work on the phones before hacks become valuable enough, or we are going to end up with just another PC.
Consider the iPhone, too. If Apple sells them for $199, and T-mobile sells the “hot” device for 1€ in Germany (together with a long, expensive contact, of course), they are likely to become quite common. The guys that the iPhone platform has attracted to write jailbreaking code and other hacks will soon be busy writing more lucrative software, especially if the iPhone remains popular among “people”. And malware could spread on iPhones where they are dense enough, and well connected (think about the entire Silicon Valley, or any international airport). The iPhone has the hot looks required for a demo, and it may also have the hot looks that may attract the first real hackers on mobile platforms. Apple’s Mac may have been protected from hackers by Microsoft’s Windows, but who will protect Apple’s iPhone if it becomes ths most common/trendy mobile platform around?
In this context, I would say that iPhone security still remains a bit short for military-grade stuff, and I hope that drone controllers will remain in Berkeley.
At the recent JavaOne, we saw an example of drones secured by JavaCard, most of them controlled by Java or even Android-powerd computers.