July 16, 2008, 5:15 PM — Consider a world in which increasingly advanced and impressive consumer electronics are free to the consumer. For example, the electronics might be subsidized by service providers in the business of understanding consumer behavior -- purchase preferences, location, activities -- in order to provide better search, advertising and fraud detection. It is not so hard to believe that we will be there in just a few years. Then what?
The assumption that hardware is free -- or remarkably inexpensive -- immediately leads to an interesting but undesirable situation. Consumers will become less risk averse, having nothing to lose by not being careful. They will be increasingly willing to install and run just about any application. So what if they unwittingly install a terrible Trojan? What would their reaction be? Maybe "No problem, I have a backup." Or perhaps "Big deal, I'll get a new phone." Is this so bad? The problem gets taken care of, and the consumer is one experience wiser, and who suffered? Nobody, you say? Not so.
If phones are more prone to being infected by crimeware, and if at any point in time an increasing number of phones were to be infected, what would be the consequences? Here is one: There are very clear trends in Internet fraud, pointing to the increased risk posed by botnets -- large numbers of compromised computers. These are computers under the control of an aggressor who may use them to blackmail large organizations, paralyze governments, and host fraudulent applications that collect user credentials on a large scale. Not to mention spamming you and me, of course. But what makes phones more desirable targets to criminals than traditional computers? First of all, there are more of them. Recent statistics suggest that there are already more phones than people in as many as thirty countries! Second, phones are almost always connected. Accessible, available. Maybe not to send or receive huge documents, but that is not necessary to wreak havoc. And finally, phones are very much social enablers, and may be easier to corrupt than regular computers as a result. You got a funny little movie sent over by your friend? You will probably watch it while you wait in line at the supermarket. But what if it really was not from your friend, but from the crimeware residing on your friend's phone? That's really too bad. For you. Now, you have it, too, or your phone does, at least. A recent academic study suggests that more than 50% of people would be willing to run an executable endorsed by a friend -- this corresponds to the potential for a catastrophic epidemic just waiting to happen.