Ten years and 1.5 billion new web users later, Trustworthy Computing seems to have made a difference. Microsoft has since come up with the Security Development Lifecycle, for example, to instill security and privacy considerations before new products come to market.
Whether the mobile industry will receive a similar call to arms remains to be seen, but Auerbach, for one, is less than optimistic. Because the smartphone market is not showing any signs of becoming as monopolized as the PC market was in 2002, Auerbach says any federal legislation aimed at improving cybersecurity, such as CISPA or the SECURE IT Act, "should at least be thinking about incentivizing companies to care about security." So far, partially because lawmakers are unaware of these threats and partially because those tasked with educating them have their own agenda, solutions to that problem are "nowhere to be found," Auerbach says.
"I think, unfortunately, members of Congress are not very educated about real security issues and real problems, and instead they are taking their cues from interested parties, for example the intelligence community, as to what needs to get passed," Auerbach says. "Unfortunately, the result is that the legislation is not focused on the relevant issues, such as mobile, and instead it tends to become blanket legislation."
An increase in user education about the privacy and security issues with their smartphones could help the problem, as could improvements in sharing information about and patching newly discovered mobile software vulnerabilities, Auerbach says. However, OEMs and carriers are unlikely to respond until they have to, after a major security issue puts their customers directly at risk, he says.
"Unfortunately, it might be the case where it will require some sort of big, newsworthy event where users' privacy is compromised in a big way," Auerbach says. "I hope that's not the case. I hope that we can kind of improve security without that, but unfortunately I think it's going to take a lot of press coverage to get mobile platform vendors and manufacturers to really start caring about this issue."