Smartphones are getting "smarter", so what does the future of smartphone security depend on?
Mobile spyware is becoming more prevalent in devices, and the trend has been growing in recent months. In a 2017 study, every one of the 850 organizations they surveyed had experienced at least one mobile malware attack. In August 2017, the spyware called Pegasus gained "dominance" over iOS. That is, the spyware is able to attack any iPad or iPhone to collect data or spy on the owner of the iPad or iPhone. After Apple fixed these vulnerabilities, another version of Pegasus disguised itself as an app download from the Android store, secretly gaining root access to millions of Android devices again.
Currently, neither Android nor iOS by themselves provide adequate security solutions to protect data from malware threats. For this reason, for the multifaceted use of smartphones, especially for government officials or businesses that use sensitive information, there is now an increasing reliance on mobile security software apps and common sense methods to keep data safe. This presents several problems. First, most of the existing mobile security apps only monitor existing network attacks, various viruses, and malware, and are unable to detect new types of network attacks or malware. When malware masquerades as normal software and functions similarly, the line between malware and normal applications becomes increasingly blurred and identifying the real threat may be and becomes increasingly difficult. Second, common-sense knowledge, such as not downloading apps you don't use, password-locked phones, and frequently changing passwords, can only prevent a certain level of physical threat. The everyday tactics we use (such as locking the phone for user authentication, backing up the device, or updating the software frequently) only protect against physical threats (such as the data in the phone not being compromised if the phone is stolen), but these tactics will be useless if our phone has been compromised by a malicious application.
To date, most cybersecurity companies have mostly focused on software-only solutions for smartphone security as a way to defend against security threats. Personally, I think that in the future a mix of software and hardware isolation can combat smartphone attacks and vulnerabilities. With the reduction in hardware costs, especially the significant reduction in chip costs, we can use plug-and-play hardware to solve the security problems of mobile phones. Plug-and-play microchips provide a hardware-isolated "trusted execution environment" that isolates data within the phone's host architecture, allowing users to store information and process sensitive data independently of the host operating system or network protocol, and to communicate securely through a secure interface. The result is to protect our data from almost all attacks. By combining security software with hardware-isolated containers (e.g. microSD chips), integrated into existing mobile devices (e.g. Android, IOS phones), and users manually isolating data that is important to them, it will be very difficult to leak important data that we have on our smartphones, and we will no longer have to worry about our phones being "hijacked" by cyber hackers.