Back in November, I gave a presentation entitled “Overcoming Mobile IM Security Threats” at a cellular industry conference. The purpose of this presentation was to identify the types of threats that IM has faced in the desktop world, discuss how these threats could move to the mobile world, and cover how threats could be mitigated by operators and independent software vendors before services are launched.
The threats that utilize IM are well documented by Symantec and others. An interesting thing about Mobile IM is that users of these devices can and have started popping up on legacy Internet-based IM networks. There had been talk of operators going down the route of closed IM networks for their subscribers, but now it is clear that some operators are choosing public Internet-based IM networks. This means that these Mobile IM clients are going to emulate their desktop counterparts’ functionality closely, which will create an optimal environment for SPIM, Phishing, and other attacks.
Above anything else, I think the biggest threats faced by Mobile IM are SPIM and Phishing. I believe the diversity in mobile operating systems available and the large number of legacy- or proprietary-based operating systems will mitigate, to a certain degree, the success of Trojans and similar attacks seen in the desktop world to date.