DAILY

BORDERLESS NETWORKS | ADAPTIVE MOBILE
Ciaran Bradley, VP Handset Security, AdaptiveMobile
Mobile: The New
Frontier for the
Borderless Network
Over the last few years, a perfect storm has been gathering. The dawn of the
smartphone, the tablet, Wi-Fi, and 3G/4G networks have meant that
technology borders have been breaking down creating the borderless
network. We can communicate and share with our friends and colleagues
from anywhere, any time. However, with this change comes a heightened
need to safeguard communications. Unfortunately, not all channels in the
borderless network are created equal: there ARE a wealth of products
available to protect the ‘fixed’ networks, but mobile networks and devices
have become a very attractive target for spammers and cyber criminals and
are the new frontier of the borderless network. This article discusses what
individuals and organisations should be doing to combat threats and why this
is crucial if the mobile users of the borderless network are to be protected.
THE DAWN OF THE BORDERLESS
NETWORK
Why are mobile users such an attractive
popular for cyber criminals? It is not just the
sheer number of mobile devices in use every
day that, unlike PCs, are permanently linked
to a billing mechanism be it SMS, voice calls
or data. In part it is because of our love
affair with our phones - we take them
everywhere and consider them to be very
personal so we haven’t yet learnt to be wary
of the content of unsolicited
communications in the same way we have
with email. This makes us more likely to
click on links in SMS spam or ring premium
rate numbers, and these higher conversion
rates are very attractive to scammers.
Technology also has a part to play. The
Industry has been very successful in making
advanced technology easy to use by the
consumer so it is not surprising that the
average consumer may not fully understand
the implications of clicking on a web link in
an instant message or installing an app from
unofficial channels.
Cyber criminals are motivated and
inventive – they want to make money just like
any other business so they are constantly
looking for new opportunities and attack
vectors. As an industry we need to
occasionally put ourselves in the mind-set of
hackers and cybercriminals. Any time a new
technology or platform becomes successful
and reaches a critical mass the bad guys
PAGE 20
always go probing for weaknesses they can
exploit, or by using it in ways that were not
considered by the designers. For example, we
are increasingly seeing OTT services being
used as a way to deliver SMS spam in telco
networks. Mobile is truly the ‘wild west’ of
the borderless network.
POLICING THE NEW FRONTIER
It is a common myth that mobile threats are
less evolved and less dangerous than their
‘fixed’ counterparts. We have seen a number
of highly engineered and sophisticated
threats spread across mobile networks,
including malware, Trojans, social
engineering and other problems which can
rapidly turn into fraud.
Many threats are simple analogues of
their PC counterparts but the sophistication
of smartphones today has meant that there
are now emerging threats which make the
most of the ‘unified’ nature of
smartphones. We have seen integrated
threats in North America that start off as
spam on instant messaging channels that
get converted to an SMS with a link that
leads to a phishing website that is
optimised for smartphones. Unsuspecting
subscribers can end up giving away
personal information that can be sold on by
scammers, or unwittingly signing up for
services with hidden charges.
To give a further example, we have seen a
trend in the CIS regions over the last year,
where users were sent a number of SMS
messages which informed them that they had
received an MMS message saying “I love
you”. This link was designed to look like URLs
used by local operators and when clicked
automatically downloaded an Android or
J2ME version of a fake MMS viewer
application on the phone. When opened, the
app sent five SMS messages to premium short
code numbers without informing the user. The
Android version also intercepted and deleted
confirmation messages from the short codes
to hide the attack.
We have seen distinct kinds of threats
come from Europe, China and North
America targeting countries in other regions,
and the list is by no means limited to these
countries and regions. Threats are
sometimes explicitly designed to cross
borders to dodge legislation or restrictions
on mobile usage and reduce the chance of
being caught and successfully prosecuted.
Each country has its own individual way of
using mobile devices and consequently its
own vulnerabilities to attack. Operators
more than ever need to be aware of the
damage that can be done to their reputation
by threats emanating from the network.
GAINING PROTECTION
What is required is network-based protection
spanning each service bearer, as well as the
handset itself, providing network and consumer
(subscriber) protection. This enables the operator
to both protect users and offer a range of security
revenue-generating services across SMS, web,
MMS, IM, email and voice. For example,
operators can offer customisable parental
protection controls to consumers, allowing them
to filter illegal and inappropriate content.
By filtering content across the entire
network, such a platform allows operators to
gain a thorough insight into the threats which
are coming through it, protecting and gaining
the trust of the consumer.
As the borderless network continues to
mature, the security threat will rise in parallel. As
hackers develop more intelligent ways of
gaining information and consumers continue to
rank trust high on their list of priorities when
choosing an operator, it is imperative that
operators take the lead in protecting subscribers.
It is only by providing bespoke security against a
range of threats that operators can safeguard the
technology landscape, reduce churn, increase
revenue and neutralise threats to their own
network infrastructure.
Tuesday 26th February MOBILE WORLD CONGRESS DAILY 2013 | www.mobileworldcongress.com