Jay Seaton, Chief Marketing Officer at mobile messaging company, Airwide Solutions, argues that operators are best positioned to protect their subscribers against mobile phone hacks and attacks
Later today at the Black Hat Cybersecurity Conference in Las Vegas, researchers will demonstrate how they can potentially, in their own words, hijack every iPhone in the World and hack virtually any other Smartphone, using falsified SMS and MMS messages. How to safeguard against such attacks should be a topic for serious debate. At Airwide, we believe the most effective solutions to combat attacks of this nature are those deployed by mobile operators.
The data being carried by Smartphones is increasingly making them more valuable than many computers, and this is putting Smartphones hugely at risk to security threats. SMS and MMS messages are the easiest way for hackers to reach and infiltrate a device, and it falls to operators to employ mobile security solutions to protect their customers from this danger.
Many people assume that the PC security model of software downloads and firewalls is the answer. With the variety of handsets available, however, this isnt an effective option on its own. Adding to the complexity is the range of communication methods that can be carried out on a Smartphone, such as email, SMS, MMS, web and WAP access. Along with these comes a whole host of mobile security threats, such as mobile spam, viruses and phishing.
Handset-based solutions are also limited, as they only protect a tiny number of mobile users. Also, with mobile devices constantly being upgraded and replaced with higher specification devices, security software which is added is often quickly outdated.
The most effective answer lies with an integrated approach, including education to avoid subscribers opening potentially dangerous messages, as well as handset-based solutions and those deployed at a network level. Of all these approaches, however, the most successful single method is the solutions deployed across the network, as they are both more controllable and easily upgraded. Currently, many network operators voluntarily police potential fraudsters, but as messaging services continue to grow and become more complex, networks need a comprehensive range of features, such as anti-spam and virus filtering software, EIR (Equipment Identity Register) systems and blacklisting, anti-spoofing, and anti-flooding technology. Using a variety of mobile security technologies, including anti-spam, anti-spoof and anti-flooding, along with next-generation gateways, operators can detect abnormal patterns in messaging traffic, confirm legitimate senders, filter content and block suspicious messages.
With appropriate security measures in place, mobile operators can protect their subscribers and their networks from potentially damaging security risks. As the rise of applications and services continues, they can also protect their revenues without fear of jeopardising them through malicious attacks. Once customers feel assured they will not receive a barrage of potentially dangerous unwanted messages for downloading an application, they will feel more confident about downloading content and services in the future.