DAILY
DAILY
DAILY
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
BORDERLESS NETWORKS | ADAPTIVE MOBILE<br />
Ciaran Bradley, VP Handset Security, AdaptiveMobile<br />
Mobile: The New<br />
Frontier for the<br />
Borderless Network<br />
Over the last few years, a perfect storm has been gathering. The dawn of the<br />
smartphone, the tablet, Wi-Fi, and 3G/4G networks have meant that<br />
technology borders have been breaking down creating the borderless<br />
network. We can communicate and share with our friends and colleagues<br />
from anywhere, any time. However, with this change comes a heightened<br />
need to safeguard communications. Unfortunately, not all channels in the<br />
borderless network are created equal: there ARE a wealth of products<br />
available to protect the ‘fixed’ networks, but mobile networks and devices<br />
have become a very attractive target for spammers and cyber criminals and<br />
are the new frontier of the borderless network. This article discusses what<br />
individuals and organisations should be doing to combat threats and why this<br />
is crucial if the mobile users of the borderless network are to be protected.<br />
THE DAWN OF THE BORDERLESS<br />
NETWORK<br />
Why are mobile users such an attractive<br />
popular for cyber criminals? It is not just the<br />
sheer number of mobile devices in use every<br />
day that, unlike PCs, are permanently linked<br />
to a billing mechanism be it SMS, voice calls<br />
or data. In part it is because of our love<br />
affair with our phones - we take them<br />
everywhere and consider them to be very<br />
personal so we haven’t yet learnt to be wary<br />
of the content of unsolicited<br />
communications in the same way we have<br />
with email. This makes us more likely to<br />
click on links in SMS spam or ring premium<br />
rate numbers, and these higher conversion<br />
rates are very attractive to scammers.<br />
Technology also has a part to play. The<br />
Industry has been very successful in making<br />
advanced technology easy to use by the<br />
consumer so it is not surprising that the<br />
average consumer may not fully understand<br />
the implications of clicking on a web link in<br />
an instant message or installing an app from<br />
unofficial channels.<br />
Cyber criminals are motivated and<br />
inventive – they want to make money just like<br />
any other business so they are constantly<br />
looking for new opportunities and attack<br />
vectors. As an industry we need to<br />
occasionally put ourselves in the mind-set of<br />
hackers and cybercriminals. Any time a new<br />
technology or platform becomes successful<br />
and reaches a critical mass the bad guys<br />
PAGE 20<br />
always go probing for weaknesses they can<br />
exploit, or by using it in ways that were not<br />
considered by the designers. For example, we<br />
are increasingly seeing OTT services being<br />
used as a way to deliver SMS spam in telco<br />
networks. Mobile is truly the ‘wild west’ of<br />
the borderless network.<br />
POLICING THE NEW FRONTIER<br />
It is a common myth that mobile threats are<br />
less evolved and less dangerous than their<br />
‘fixed’ counterparts. We have seen a number<br />
of highly engineered and sophisticated<br />
threats spread across mobile networks,<br />
including malware, Trojans, social<br />
engineering and other problems which can<br />
rapidly turn into fraud.<br />
Many threats are simple analogues of<br />
their PC counterparts but the sophistication<br />
of smartphones today has meant that there<br />
are now emerging threats which make the<br />
most of the ‘unified’ nature of<br />
smartphones. We have seen integrated<br />
threats in North America that start off as<br />
spam on instant messaging channels that<br />
get converted to an SMS with a link that<br />
leads to a phishing website that is<br />
optimised for smartphones. Unsuspecting<br />
subscribers can end up giving away<br />
personal information that can be sold on by<br />
scammers, or unwittingly signing up for<br />
services with hidden charges.<br />
To give a further example, we have seen a<br />
trend in the CIS regions over the last year,<br />
where users were sent a number of SMS<br />
messages which informed them that they had<br />
received an MMS message saying “I love<br />
you”. This link was designed to look like URLs<br />
used by local operators and when clicked<br />
automatically downloaded an Android or<br />
J2ME version of a fake MMS viewer<br />
application on the phone. When opened, the<br />
app sent five SMS messages to premium short<br />
code numbers without informing the user. The<br />
Android version also intercepted and deleted<br />
confirmation messages from the short codes<br />
to hide the attack.<br />
We have seen distinct kinds of threats<br />
come from Europe, China and North<br />
America targeting countries in other regions,<br />
and the list is by no means limited to these<br />
countries and regions. Threats are<br />
sometimes explicitly designed to cross<br />
borders to dodge legislation or restrictions<br />
on mobile usage and reduce the chance of<br />
being caught and successfully prosecuted.<br />
Each country has its own individual way of<br />
using mobile devices and consequently its<br />
own vulnerabilities to attack. Operators<br />
more than ever need to be aware of the<br />
damage that can be done to their reputation<br />
by threats emanating from the network.<br />
GAINING PROTECTION<br />
What is required is network-based protection<br />
spanning each service bearer, as well as the<br />
handset itself, providing network and consumer<br />
(subscriber) protection. This enables the operator<br />
to both protect users and offer a range of security<br />
revenue-generating services across SMS, web,<br />
MMS, IM, email and voice. For example,<br />
operators can offer customisable parental<br />
protection controls to consumers, allowing them<br />
to filter illegal and inappropriate content.<br />
By filtering content across the entire<br />
network, such a platform allows operators to<br />
gain a thorough insight into the threats which<br />
are coming through it, protecting and gaining<br />
the trust of the consumer.<br />
As the borderless network continues to<br />
mature, the security threat will rise in parallel. As<br />
hackers develop more intelligent ways of<br />
gaining information and consumers continue to<br />
rank trust high on their list of priorities when<br />
choosing an operator, it is imperative that<br />
operators take the lead in protecting subscribers.<br />
It is only by providing bespoke security against a<br />
range of threats that operators can safeguard the<br />
technology landscape, reduce churn, increase<br />
revenue and neutralise threats to their own<br />
network infrastructure.<br />
Tuesday 26th February MOBILE WORLD CONGRESS <strong>DAILY</strong> 2013 | www.mobileworldcongress.com