Mark Bridge writes:
Much of Bletchley Park’s history involves code-breaking and intercepting radio messages so - when Over The Air 2011 brought hundreds of mobile developers to the site - it seemed appropriate to explore the subject of mobile phone security.
In particular, there were a couple of sessions on the agenda that caught my eye. Detective Sergeant Andy Williams of the National Mobile Phone Crime Unit started by talking about stolen phones... and asking if mobile applications could help with this problem.
With nearly 10% of all crime across the United Kingdom involving the theft of a mobile handset, it’s a serious problem for the police and for the mobile industry.
Andy suggested that applications could help before a phone was stolen, perhaps by reminding an owner to register their IMEI with immobilise.com, and apps could also help after a loss or theft by securing the user’s personal data and helping find the device.
However, he admitted that many of the issues surrounding phone theft aren’t technology related. Giving a child a high-value iPhone has the potential of making them a target for thieves, warned Andy, who said “We need a bit of parental responsibility sometimes to say to youngsters: No, you can’t have this.”
But that doesn’t mean phone crime is all about the physical device.
“More often than not, particularly when we’re talking about organised criminals, the value of data on a handset is just as valuable - potentially - as the device itself”, he explained. “Organised gangs will interrogate phones for data that people have left on them, to consider things like identity theft, taking over people’s accounts, fraudulently using that data to commit other types of crimes.”
It’ll be interesting to see how developers respond to Andy’s call.
Following Andy Williams was Craig Heath, co-founder of information security business Franklin Heath. His topic was ‘Mobile Application Security and Mobile Security Applications’, a piece of wordplay that intrigued me.
“My basic message was: I think a lot of developers see security on mobile phones as a hindrance to them”, Craig said. “They have to, for example, purchase a signing certificate, they have to submit their applications for QA, going through app stores and so on. I wanted people to understand that it’s not for no purpose. We are seeing attacks using applications on phones that are making significant amounts of money for organised criminals”.
As well as covering the security challenges faced by mobile application developers, Craig also talked about using security-focussed applications to help consumers stay in control of their device and their information.
I asked Craig why the mobile industry didn’t seem as concerned about security software as PC manufacturers were.
“We’re starting with mobile phones from a better position than was the case for PCs. Having seen what had happened with PCs, and recognising that mobile phones are going to be able to access a lot of personal information about people, security was designed in to these platforms early on. The virus pandemic that a lot of people were predicting for mobile never happened because certain ‘friction points’ that happen in the delivery of an application to a device mean it’s much harder for these things to propagate than it is on a PC. You don’t get the same ‘infection vectors’ that you get on PCs.”
Craig says mobile fraud is on the increase but it’s often crime such as ‘phishing’, which involves a consumer inadvertently giving their data away or choosing to install a rogue app. As a result, conventional anti-virus software is ineffective - but it’s possible to create other app-based solutions that would help consumers control their phones and, at worst, minimise their losses.
Once again, it’s mobile developers who are being asked to inspire the next crime-fighting move.
|You can listen to my full report from Over The Air 2011 with Andy Williams and Craig Heath on our website, via iTunes or by downloading the MP3 file.