Latest Podcast



Featured Articles

Ofcom helps protect customers against unexpected roaming charges

Ofcom helps protect customers against unexpected roaming charges

UK service providers must notify customers when they connect to a different network

New rules from UK telecoms regulator Ofcom will protect customers when they use their mobile phone on a foreign network. In addition, customers will be alerted if they are inadvertently roaming, perhaps because they're near an international border.
Author: The Fonecast
0 Comments
Article rating: No rating

Global smartphone market is set for recovery, says new forecast

A new forecast from research specialists Canalys shows the smartphone market is set to recover next year. Worldwide shipments declined by 12% last year but that decline is expected to slow to 5% this year.
Author: The Fonecast
0 Comments
Article rating: No rating
Vodafone and Three plan to merge their UK businesses

Vodafone and Three plan to merge their UK businesses

New Hutchison/Vodafone network would be biggest UK operator

Vodafone Group plc and CK Hutchison Group Telecom Holdings Limited have agreed to combine their UK telecommunication businesses, respectively Vodafone UK and Three UK. The merger will create a large new network operator to compete with Virgin Media O2 and EE.
Author: The Fonecast
0 Comments
Article rating: No rating

UK mobile payment service Paym to close in March 2023

UK mobile payment service Paym will close on 7th March 2023. The service, which allowed users to make and receive payments using their mobile phone numbers, was launched in 2014.
Author: The Fonecast
0 Comments
Article rating: No rating
Qualcomm legal action moves forward in the UK

Qualcomm legal action moves forward in the UK

Which? seeks payout for Samsung and Apple smartphone owners

Consumer protection organisation Which? has been given permission by the UK's Competition Appeal Tribunal to represent Apple and Samsung smartphone buyers in a legal case against chip manufacturer Qualcomm.
Author: The Fonecast
0 Comments
Article rating: No rating
RSS

Opinion Articles

Tuesday, September 27, 2011

Are smartphones endangering security?

Ian Kilpatrick, chairman of IP security specialists Wick Hill Group, writes:

Smartphones are spreading throughout the business world. Their use is growing across organisations and at all levels.

According to Gartner, sales of mobile devices in the second quarter of 2011 grew 16.5% year-on-year. Smartphone sales grew 74% year-on-year and accounted for 25% of overall sales in the second quarter of 2011, up from 17% in the second quarter of 2010.

Not only are the numbers of smartphones growing, their versatility is increasing. Where staff used to carry laptops when they went out of the office, to retrieve email and use other applications on the move, they can now carry just a smartphone.

This potentially allows them to send and receive emails, use a variety of applications, link to the company network to access data and use network-based applications, access social networking sites, and carry out online e-commerce and banking transactions.

A smartphone raises key security issues, which many organisations have not fully realised yet or, if they have, they may not have taken appropriate measures to ensure network safety.

The dangers
The biggest danger, of course, is that smartphones go missing. Many of us will have lost a mobile phone in the past or know someone who has. Research by getsafeonline shows that about one in five owners of smartphone devices can expect to lose or have them stolen at some point.  Surveys show the level of phone loss in London taxis is at a world-leading, and fairly consistent, 10,000 per month. Yes, that’s right, 10,000 per month!

Smartphones are often used for both business and personal reasons and if they are lost, both sensitive company data and personal data stored on the phone may be exposed. Email exchanges could be seen. Personal data relating to online purchasing or banking might be viewed.

If the phone is connected via a VPN, company networks are exposed to malware or could be hacked. Philippe Winthrop, an analyst at consultancy Strategy Analytics Inc., commented: "If I take your device and muck around with it, what if the VPN is set up on it? It's a huge risk not being dealt with enough today."

Getsafeonline’s Tony Neate says: "Users must remember that they are essentially carrying around a tiny laptop with a wealth of personal information that is very attractive to fraudsters."

Smartphones are now at the stage that PCs were at around 1999. Many people didn’t think security was necessary then, hardly anyone had firewalls, but security concerns were beginning to be a focus. It’s a similar situation now with smartphones.

For example, last year the MMS Bomber virus affected millions of mobile users in China, costing them significant sums dialling out on their phones.

It doesn't take long for criminals to think of ways of stealing and using information fraudulently. Some security experts have pointed out that targeting smartphones could potentially be more profitable for criminals than aiming at computers.

Security policies
With the rapid proliferation of smartphones and the very real security risks, organisations now need to factor smartphone use into their security policies and make sure they are managed centrally.

Smartphones have also extended the network boundary even further. Employees may use devices for both company and personal use, bringing dangers to the company network, in the same way that remote workers created new and different security issues for the IT department.

In addition, these devices cross the divide between voice and data, so that companies using them are taking a strategic direction into convergence, perhaps without realising it, and probably without planning for it. They are at the cutting edge of fixed and mobile convergence and users are only rarely required to connect over secure VPNs and even less required to use secure authentication to connect to the network.

Fixed/mobile convergence creates other security and financial threats. Unsecured access to PBX systems (traditional and IP) exposes organisations to an increased risk of toll fraud, as well as risks such as DOS attacks, backdoor attacks on the data network, and call recording.

Security tips
There are a number of basic security procedures which organisations and individuals can take to increase security.

* Use the PIN or passcode function to secure the phone. Don’t rely on the default factory settings.

* Install data wiping facilities so critical information can be destroyed if it’s thought the phone has fallen into the wrong hands. This might happen, if for example, a password is entered wrongly a certain number of times, or when a device has been off the network for a certain period of time.

* Employ time out policies, to prevent further use of the phone, if it is inactive for a certain period of time. This should be initiated from a central management console.

* Install GPS tracking so the phone can be located if stolen.

* Install SIM watch. This reports the new number back to you if the SIM is removed and replaced

* Take a note of your International Mobile Equipment Identity number. The IMEI number is used by the GSM network to identify valid devices and therefore can be used for stopping a stolen phone from accessing the network in that country. It’s easy to find on most phones by typing *#06# into the keypad.

* Take similar data leakage protection measures as with a PC.

- treat the phone like it’s a PC. Beware of phishing emails, don’t follow links you’re not sure of, don’t download anything suspect, recognise the risks of unsecured WiFi connections, etc.

- stipulate that sensitive, critical information should be made available to users of smartphones on a ‘need to know’ basis

- use two factor authentication (with challenge response) to validate access to the smartphone

- encrypt sensitive data, as many smartphones and security suppliers provide facilities to enforce this.  

There is often as much data on a smartphone, as on a laptop, but it is more vulnerable to loss or theft. The ICO (Information Commissioner’s Office) has now started fining organisations which lose unencrypted data that should have been secured.

- run anti-virus. The impact of a virus, both in terms of data loss and financial cost, is considerable

Solutions
Commercial security solutions for smartphones are available from a number of vendors such as Kaspersky Lab, CRYPTOCard and Check Point.

Kaspersky Lab’s Mobile Security 9, for example, helps users to safely browse the web and communicate via social networks. Features include inbuilt GPS to locate a lost or stolen smartphone, protection from malware and network attacks with real-time anti-malware scans, automatic updates and blocking of dangerous network connections.

Conclusion
Smartphones are an incredible tool for a whole range of people and their use will proliferate. However, smartphone security is lagging ten years behind the growth curve, especially as they are so easily lost or stolen.

Smartphones carry with them the risks of any computer on a network and at the same time cross the divide between voice and data, which brings security risks of its own. For an organisation to remain secure, smartphones need to come within the sphere of the security policy, their use needs to be regulated and active steps should be taken to employ them securely.

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Categories: OpinionNumber of views: 4977

Tags:

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment

Recent Podcasts

Motorola cuts jobs, Digia acquires Qt and Starbucks partners with Square

Podcast - 15th August 2012

This week's edition of The Fonecast starts with news that Motorola Mobility is to lose around a fifth of its staff worldwide. There's also more reorganisation at Nokia, which is passing its Qt software business to Digia.

In addition we're talking about a new US partnership between Starbucks and Square, some good news for Research In Motion, a worrying report for Samsung and a major milestone for Shazam.

Author: The Fonecast
0 Comments
Article rating: No rating

BlackBerry PlayBook, Vodafone's start-up plans, Google Wallet and more quarterly results

Podcast - 8th August 2012

We start this week's edition of The Fonecast with a new product from RIM: the mobile-enabled BlackBerry PlayBook. Next comes Vodafone's move to Tech City and Google moving its mobile wallet into the cloud.

You'll also find the latest batch of quarterly results, some mobile data research and a story about sheep sending SMS text messages.

Author: The Fonecast
0 Comments
Article rating: No rating

Samsung and Apple's quarterly results, smartphone sales figures and much more

Podcast - 1st August 2012

There are plenty of quarterly results to report in this week's edition of The Fonecast, including Samsung, Apple, Telefonica and Facebook. In addition, we have new research that shows how smartphone sales are racing ahead as feature phone sales slow down.

There's also news about mobile coverage in the Channel Tunnel, mobile application downloads and m-commerce.

Author: The Fonecast
0 Comments
Article rating: No rating

Doug Suriano of Tekelec talks about net neutrality for mobile networks

Podcast - 30th July 2012

In today's podcast we're talking to Doug Suriano, Chief Technology Officer at mobile broadband solutions company Tekelec, about net neutrality.

Net neutrality is the principle that consumers are not restricted in the ways they're able to use their internet connection. The topic is often in the headlines, either because some governments may want to prevent their citizens from viewing certain types of information - or because of commercial restrictions.

Author: The Fonecast
0 Comments
Article rating: No rating

Ofcom prepares the UK for 4G, WAC joins the GSMA and O2 talks about compensation

Podcast - 25th July 2012

We start this week's podcast with two news stories from Ofcom. Not only has the regulator announced its plans for the UK's 4G spectrum auction, it's also released research that shows we're texting more than we talk.

There's a look at the changing relationship between HTC and Beats Electronics, O2's apology for the network outage earlier this month and the Wholesale Applications Community's integration into the GSMA.

Author: The Fonecast
0 Comments
Article rating: No rating
RSS
First2930313234363738Last

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«December 2024»
MonTueWedThuFriSatSun
2526272829301
2345678
9101112131415
16171819202122
23242526272829
303112345

Archive

Terms Of Use | Privacy Statement