Original URL: http://www.theregister.co.uk/2013/08/26/good_tech_windows_is_as_secure_as_a_rooted_android/

Good Tech: Windows is as secure as a rooted Android mobe

Is the mobile really less secure?

By Richard Chirgwin

Posted in Mobile, 26th August 2013 01:26 GMT

The world's not so far away from asking “why can't our laptops be as secure as our mobiles?”, according to Good Technology's John Herrema.

Visiting Australia last week for the Gartner Security and Risk Management Summit, Herrema told The Register it's time to challenge the idea that mobiles are intrinsically less secure than desktop / laptop machines.

“Every Windows laptop is essentially a rooted device,” he said.

And, as in the world of Windows, there's an increasing belief that some of those issues can be overcome at the hardware level. Harrama pointed to growing interest in the work of Trustonic and ARM's TrustZone as important developments for mobile security.

Herrema agreed that SCADA security over recent years has given the idea of “baking-in” security a bad name, since if (for example) undocumented factory accounts can emerge as permanent features. However, he said, there's an important difference: the life cycle of the kit.

SCADA systems are, on the whole, big and expensive investments that stay in place for years – and so do any vulnerabilities they carry. On the other hand, Herrema said, mobiles are turned over every 12 to 18 months.

“If you look at the embedded security that's in large industrial machinery costing multi millions of dollars, thats a different issue.

“So you have to be prepared to look at the probability of a compromise. You can more than manage the risk-reward profile.” At the worst, an intractable hardware security problem might mean “you have to replace the device”. ®