Threatening Behaviour

Jay Seaton, Chief Marketing Officer at Airwide Solutions, looks at the increasing threat to mobile users as they use their phones to go online and download applications, and at possible solutions

In less than 12 months, the Apple App Store has revolutionised the global mobile industry. It has helped usher in a new wave of applications and services which, combined with the greater availability of open mobile networks, lower mobile data costs and the wider variety of Smartphones, has helped create a new type of mobile communications experience – one dominated by a new generation of content, entertainment and social networking.
However, the industry is realising that while the opportunity is vast, the new channels of communication can be exploited very easily. This is not only of concern to the mobile operators, application developers and end users, but also to the brands wishing to use these channels to influence the consumer. Unless appropriate controls are put in place to protect people from harassment, unsolicited messaging, inappropriate content and fraud, these concerns have the potential to inhibit the growth of mobile marketing and the usage of messaging and data. Without the ability to preserve privacy by managing content and access, a user has one choice – suffer or switch off the service.

So what are the biggest threats?
As the mobile ecosystem evolves, the threats (namely fraud, theft, viruses and spam) have become more numerous and more aggressive. Almost every day there are reports of new security loopholes being breached, but what makes them especially concerning is the ease with which they are being exploited.
Earlier this month, Reuters reported a scam allowing criminals and hackers to send spoof text messages to mobile phones under the guise of a user's mobile operator. If accepted, the message was able to change the phone's settings, making it vulnerable to further intrusion. Hackers were able to access sensitive information (such as account details or PIN codes used for mobile banking, confidential company information or personal details), steal data, install or remove programmes, inject malicious worms and even access internal mobile operator network resources.
Similar SMS spoof threats were also reported earlier this year, such as a threat to the social media tool Twitter. Here, according to tests run by Heise Security, hackers were able to post fake status updates on users' private Twitter feeds via an SMS faking service.
Although these risks seem relatively small at the moment, with mobile becoming a recognised space of rapid growth – particularly with the rise of Smartphones and uptake of external content via applications and enhanced services – the problem is becoming more acute. Unless protective procedures are put in place, security flaws like this latest one will leave billions of mobile phones at risk of fraud.

Encryption mechanisms
So how can we protect ourselves against these heightening mobile threats? While there should always be a degree of responsibility for handset manufacturers to provide encryption mechanisms in order to protect their users, we should also recognise that handset-based solutions can be limited, as they only protect a relatively small number of mobile users from a certain subset of threats. Also, with mobile devices constantly being upgraded and replaced with higher specification devices, security software is often quickly outdated.
There is also, of course, the risk that subscribers themselves pose. Although most people interact with their mobiles in a responsible way, users may unwittingly accept a fraudulent installation of new settings if they believe it is coming from a trusted network provider.
One of the most effective answers instead lies with the mobile operators, as mobile security solutions which are deployed on a network level are both controllable and easily upgraded. Currently, many network operators voluntarily police potential fraudsters, but as messaging services continue to grow and become more complex, networks need a comprehensive range of features, such as anti-spam and virus filtering software, EIR systems and blacklisting, anti-spoofing and anti-flooding technology.

Mobile security technologies
Using a variety of mobile security technologies, including anti-spam, anti-spoof and anti-flooding, along with next generation gateways, operators can detect abnormal patterns in messaging traffic, confirm legitimate senders, filter content and block suspicious messages. 

In the case of these latest scams, deploying a combination of spam filtering and anti-fraud techniques would help operators not only block the fraudulent messages, but also disable bypass mechanisms, ensuring they always have full control over the access channel to the subscriber. Filtering content also helps the fight against the spread of viruses and trojans. Blacklisting permits users to block certain phone numbers and incoming messages coming from these phones, whilst EIR systems have proved to be a very useful tool in handset fraud prevention.
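To make the network-level checks described above concrete, here is an added sketch (not from the article or from any vendor product) that screens constructed message records with blacklisting, an anti-spoof rule for operator-branded senders, a rule for settings messages, and a sliding-window anti-flooding limit. The field names (`sender`, `ingress`, `kind`), the sender ID `MyOperator`, the phone numbers and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

OPERATOR_IDS = {"MyOperator"}       # assumed sender IDs reserved for the operator
BLACKLIST = {"+15550100"}           # assumed blocked sender (constructed number)
FLOOD_LIMIT, FLOOD_WINDOW = 3, 60   # assumed: at most 3 messages per sender per 60 s

def screen(messages):
    """Return a (sender, verdict) pair for each message, in arrival order."""
    recent = defaultdict(deque)     # sender -> timestamps still inside the window
    verdicts = []
    for m in messages:
        sender, ts = m["sender"], m["ts"]
        window = recent[sender]
        while window and ts - window[0] >= FLOOD_WINDOW:
            window.popleft()        # forget traffic older than the window
        window.append(ts)
        if sender in BLACKLIST:
            verdict = "block:blacklist"
        elif sender in OPERATOR_IDS and m["ingress"] != "internal":
            # Anti-spoof: operator-branded sender arriving from outside the network.
            verdict = "block:spoof"
        elif m["kind"] == "settings" and sender not in OPERATOR_IDS:
            # Settings changes are only accepted from the operator itself.
            verdict = "block:untrusted-settings"
        elif len(window) > FLOOD_LIMIT:
            verdict = "block:flood"
        else:
            verdict = "deliver"
        verdicts.append((sender, verdict))
    return verdicts

# Constructed sample traffic, ordered by timestamp (seconds).
SAMPLE = [
    {"ts": 0, "sender": "MyOperator", "ingress": "internal", "kind": "settings"},
    {"ts": 5, "sender": "MyOperator", "ingress": "interconnect", "kind": "settings"},
    {"ts": 6, "sender": "+15550100", "ingress": "interconnect", "kind": "text"},
    {"ts": 10, "sender": "+15550123", "ingress": "interconnect", "kind": "text"},
    {"ts": 11, "sender": "+15550123", "ingress": "interconnect", "kind": "text"},
    {"ts": 12, "sender": "+15550123", "ingress": "interconnect", "kind": "text"},
    {"ts": 13, "sender": "+15550123", "ingress": "interconnect", "kind": "text"},
    {"ts": 20, "sender": "+15550177", "ingress": "interconnect", "kind": "settings"},
    {"ts": 100, "sender": "+15550123", "ingress": "interconnect", "kind": "text"},
]

if __name__ == "__main__":
    for sender, verdict in screen(SAMPLE):
        print(f"{sender:12} {verdict}")
```

The order of the rules matters: the spoof check runs before the flood check so that a forged operator message is labelled as such even when it arrives at a low rate.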
With appropriate security measures in place, mobile operators can protect their subscribers and their networks from potentially damaging security risks. As the rise of applications and services continues, they can also protect their revenues, without fear of jeopardising them through malicious attacks. Once customers feel assured they will not receive a barrage of potentially dangerous unwanted messages if they download an application, they will feel more confident about downloading content and services in the future.