CanSecWest has wrapped up, and although there was plenty of action in the Pwn2Own contest for their desktop browser bracket, there was nary a peep from the mobile section – BlackBerry, Windows Mobile, Android and iPhone all emerged unscathed. It’s a little crazy when you consider these talented programmers could bust their way into all of the big names (except for Chrome, apparently), and yet not put a dent into the mobile software. Of course, it’s a vastly different ecosystem than desktop computers so there are bound to be some limitations that not even a $10,000 prize could motivate them to surpass.
The mobile platform is limited by both memory and processing power. What that generally amounts to is that the vulnerabilities do exist, but actually exploiting them is complicated and unpredictable. There are additional variables which can be show stoppers just between the hardware manufacturers’s themselves, or the carrier network the phone is associated with. These are just a few examples, and lack of known debuggers for many of the platforms adds limitations.
While it might be safe to call mobile software secure for the time being, I think it’s safe to say the gap between laptop and smartphone is closing, and as handsets expand in function, so will the security holes.