European Communications
03 January, 2008 14:35

MOBILE SECURITY - On to the next level

Mike Hawkes examines the aspects of mobile phone security that seem to be hidden from plain sight

A few weeks ago I was talking with some very well versed individuals from a highly respected anti-virus and security firm addressing mobile security, and was intrigued to note that most of the conversation was around virus protection for mobile phones rather than simple data protection. Perhaps this isn't surprising, bearing in mind the consumer's innate fear of computer viruses, and how they can steal your life away. These security companies make serious money combating the destructive and criminal activities of malware distributors, and it makes sense to apply this knowledge directly to mobile phones.

There is, however, a rather important aspect of mobile communication security that is missed in this level of conversation: that of actual data security.

Viruses have become known as the means of stealing personal data from individuals, which is then sold on for all sorts of fraudulent purposes. From the hackers' perspective, this has become a necessity for computers because of the trusted and relatively trustworthy nature of PKI for secure Internet communications and also because of the necessity to remotely access PCs through 'invisible' Trojan-horse applications.

Mobiles are a different matter.  As m-commerce takes off, an increasing number of services invite businesses and consumers to send and receive sensitive information on the mobile phone. And this trend is only going to grow. 

Yet, measures to tackle security issues that work for PCs cannot be directly applied to mobile phones. Firstly, mobile phones get lost a lot more often than PCs or even laptops. It is reported that as many as 10,000 phones are left in the back of taxis in London alone each month. What of all the other taxis in other cities, buses, trains, bars and of course, those phones that are physically stolen? Anything sensitive left in the inbox or sent items can be readily extracted from the phone.

Data on a mobile phone does not necessarily need to be sensitive for it to be of value to a non-owner either. Increasingly, items of value are being sent to the mobile, often in barcode format over MMS. There are a number of security risks around this too. For example, with no audit trails, fraudsters can claim not to have received the message and repudiate the payment. Tickets can be bought on stolen credit cards and forwarded for cash.

Possibly more important than the issue of data on handsets is that of data interception. Why? Primarily because the radio communication used by mobile phones is inherently insecure. To quote a US security expert: "If it has an antenna, it is not secure, period." Additionally, many telecoms businesses are not really aware of what this insecurity entails, let alone of the risks to customers.

It is true that cell interception remains a low-level threat while the pickings are poor, but as there is growth in localised concentrations of personal data being sent by phone, the incentive for fraudsters to begin cell interception increases. 

A recent example of this can be seen in Westminster, London, where the City Council invites drivers to send their credit card and other personal details via SMS to pay for parking. Other councils around the country are likely to follow suit and introduce similar schemes, creating more honey pots for fraudsters. As cell interception technology is readily and cheaply available on the black market and one can even find DIY instructions on the Internet, cell interception poses a real threat to mobile users.

So, there are two clear dimensions of risk here: data that can be taken off the device itself, and data that can be intercepted over the air. Most interestingly, neither of these risks to personal data is even slightly related to the propagation of viruses between handsets. So where is the opportunity?

By integrating tools that make phone content only available to the owner of the phone, through on-handset encryption activated through a PIN code for example, lost or stolen phone data becomes unusable for anyone else.  Combined with secure cross-air encryption, the nature of mobile phone communication, particularly SMS and MMS, has the potential to change dramatically. 

Mike Hawkes is CTO of Broca Communications

Printed from http://www.eurocomms.com/features/112064/MOBILE_SECURITY_-_On_to_the_next_level.html
