What's scarier, though, is that smartphone developers since have focused on features like user interface and screen resolution, as opposed to fixing a fundamental vulnerability that has been public knowledge for at least the past 16 months, Auerbach says. The Global System for Mobile Communications (GSM) standard for 3G cellphones still employs the A5/1 encryption algorithm, which Auerbach says is "incredibly broken" and "basically worthless." Indeed, the industry has been aware of an attack against A5/1 that can since 2009.
"So, in light of that, controlling the base station and the network elements really does give you access to users' communications," Auerbach says.
Another similarity between the mobile industry of today and the PC security outlook at the turn of the century is that OEMs and mobile carriers have no incentive to secure this vulnerability during the product development life cycle, Auerbach says. The faster smartphones are developed and pushed out to market, the more money companies like Qualcomm and stand to make. With the way the smartphone market has grown lately, they likely won't be slowing down any time soon - a recent IDC report showed 42.5% year-over-year growth in worldwide smartphone shipments in the first quarter of 2012.
Although he says he does not know the exact cost it would entail, Auerbach believes that "it would be significant to overhaul the encryption that's used." As long as OEMs and carriers aren't feeling any pressure to make such a significant change, they will continue pushing more smartphones through the assembly line as is.
Herein lies the difference in security for smartphones and PCs. Just over a decade ago, then CEO to the company's employees that set off the industry-changing Trustworthy Computing initiative. From 2000 to 2003, the number of Internet users across the globe nearly doubled, from 389 million to 759 million, and a large-enough security threat could affect roughly 12% of the world population. With numbers this staggering, Gates was compelled to ensure Microsoft "customers will always be able to rely on these systems to be available and to secure their information."