M2M is an exciting area for operators. Not only does it allow them to expand subscriber numbers in developed markets, but it offers operators the chance to expand their offering into something other than simply handling people’s communications. If done correctly, it allows them to move into areas such as connected healthcare and transportation which will be of critical importance to the society of tomorrow.

And that’s where the need for security comes in. As the importance of these communications is greater for certain devices, then the requirement for security is greater as well.  Recent reports of wirelessly hacking medical devices, and our own illustration of the vulnerability of a mobile controlled front door controller shows the type of effects that the lack of security can have.  

M2M security cannot be approached light-heartedly. Some may point to the use of private dedicated APNs for M2M devices as providing all that is required for M2M security. However that ignores the fact that many M2M devices will never have a private APN dedicated to them, and that many M2M devices today communicate via the same network that people use. A further complication is that these networks often rely of people forming a critical part of the security, another re-conception that needs to change to implement M2M security..

We need to make sure then that security is designed from the offset, for as Sinisha Patkovic of RIM memorably described at the recent AdaptiveMobile–sponsored MWC Mobile Security Forum, “security is like eggs within your cake. It’s a lot easier to add the eggs when you bake the cake, than try to add the eggs after the cake is done.”  Lets get the ingredients for M2M right from the start!

AdaptiveMobile’s Network Protection Platform has been shortlisted in the category of “Best Technology Product or Solution for Safeguarding and Empowering Customers”. This is a new category added to the awards line-up this year and further demonstrates the importance of mobile security in today’s environment. Mobile threats are growing in size and sophistication and Adaptivemobile is leading the way in ensuring that subscribers and operators remain protected. This year saw the highest level of entries to the awards and therefore we are even more thrilled to have been nominated. It is great to be recognised for our hard work and continuous innovation in mobile security.

The winners of the awards will be presented during the GSMA Global Mobile Awards Ceremony at MWC in Barcelona on the afternoon of Tuesday, 28 February – just two weeks away!

With smartphones and applications making services instantaneous, persistent and location-conscious, we have to be aware that our identity and personal data is more vulnerable than ever.  The thrill of trying out a hot new app or staying up to date on social networking sites leads the majority of users to ignore the annoying requests for permissions. But the majority of apps don’t need to access your location or your information, and many apps are not what they seem.  Whether these are grey-market versions of legitimate applications that have added in Trojan features to capture user data; or ad-funded games where the location information is used to improve advertising effectiveness; users rarely understand when information is being passed from their phone, and who may eventually end up with this data.

Add to this the ease with which your character can be poisoned within your social networks – through apps consistently spamming your contacts highlighting how cheap you are to have taken an illegitimate unlicensed app rather than paying the £1 for the real version; or acting as a spam bot to promote malware sites through your twitter account – and the potential downside of social media and location-based services becomes clear. 

The reality is that whilst users express outrage when they believe their data may not be secure, many are unwilling to protect themselves. AdaptiveMobile’s recent research showed that whilst two thirds of consumers hate apps leaking their data, 75% may be giving away their physical location when downloading them, with mostexpecting mobile operators to look after their security and personal data. Mobile operators have been very careful in defining how location data is used and have standards on location tracking, however the top Internet players aren’t as stringent. Therefore consumers need to be extra vigilant when allowing apps to access location information. With mobile threats becoming increasingly sophisticated and the increasing use of smartphones for social and location services, mobile operators need to realise that the traditional security practices are no longer sufficient.

Please note that you will require an Exhibition Visitor Pass to gain access to the Forum and as a gold sponsor we are able to offer a limited number of complimentary Exhibition Visitor Passes. Spaces are limited and require prior authorisation.

If you would like to meet with the AdaptiveMobile team at Mobile World Congress 2012 (or a suitable date and location) to discuss the very latest mobile security solutions, please confirm your availability here.

We look forward to seeing you in Barcelona. 

With the rise of online hacking and an erosion of privacyfrom the Government, secure channels are more important than ever. Any site can provide such a secure channel – all the owner needs is a cryptographic certificate signed by a global trusted third party.

Researchers recently suggested that the secure sockets layer (SSL) and transport layer security (TLS) encryption protocol, used by millions of websites to secure web communications via HTTPS, is vulnerable to attack. This does not appeared to have worried browser developers, however this has probably accelerated the overhaul of the SSL ecosystem.  It seems there is a more serious vulnerability with SSL however that is going to cause more than just security concerns – the Government. With the rise of online hacking and the use of social media for organised crime such as the recent riots, the Government and authorities are increasingly looking to know what is inside the channel, which will likely open up the browsers to even more exploits.

To circumvent country specific restrictions, conceal IP address or location people often use anonymous proxy web sites, but introducing measures to detect the use of these is a trivial exercise for mobile operators and ISPs.  Introduce HTTPS into that and all that can be seen is that the user is accessing an IP address and the data is encrypted.

So what is the solution? Many experts will propose that the ISP or mobile operator should provide the cryptographic certificate on behalf of the web site the user is trying to access.  This will allow the request to the anonymous proxy site to be viewed once again and the end user protected. However in this process, the once secure channel becomes viewable.  This solution is commonly referred to as a man-in-the-middle attack, where the ISP or mobile operator is posing as the issuer of the certificate.

It should be noted that this doesn’t work, especially if you are attentive to browser warnings. The ISP or mobile operator does not have the authority to issue a certificate on behalf of the secure web site you are accessing and your browser will complain.  This sort of solution will only lead to the weakening of the secure channel.  If an ISP or mobile operator is required to issue fake certificates so that authorities can view or control web browsing, users will be constantly required to accept and eventually ignore the browser warnings.  This will mean legitimate sites such as banks will become susceptible to being spoofed by hackers who manage to compromise DNS servers or home computer DNS caches.  To the user, it will appear they are going to their secure bank, but they will in reality be accessing the hacker’s bank.

So what can we do about it? We need to ensure that certificates are valid and heed the browser warning. In fact an ISP or mobile operator has the capabilities to ensure that only valid certificates are passed to users, and this can be done without any risky invasion of privacy or compromise in security. Malicious or illegal web sites should be blocked, even if they are HTTPS, by denying the certificate issued by the malicious site from being downloaded and stopping the web site from being accessed.

Most importantly, we shouldn’t try to look into the secure channel at all. The Governments plans to filter social media to prevent any further outbreaks of violence and crime will cause more damage than good, only leading to a watering down of web security. 

Asking a simple client based app to monitor and inspect everything going into and out of today’s smartphones and tablets (let alone PC’s connected via 3G or 4G sessions) is a tall order. Vast amounts of incoming and outgoing data comprised of web requests (and resulting downloads), Twitter feeds and Facebook updates (including tinyURLs that mask the true destination of a web link), emails with attachments, SMS with a new language of acronyms and the plethora of application updates is a lot to handle for both the software  and the device. In fact, it’s been suggested that if a truly capable client app arrived in market checking every byte for potentially malicious content, your device would be too busy to allow you to make a call and your battery would last less than an hour.

In a world where over 24 hours of YouTube video is uploaded every minute, there is no denying that the transmission of data has surpassed forecasts. While we ponder this fact for a moment and reluctantly accept it, many still question that mobile malware is exploding exponentially also. Sure, sometimes it seems like it is being a little overblown by the IT media pundits, but the fact is that your device – any device – has information that is valuable to cyber-criminals. Therefore it is an attractive target. More devices equals more data, and more data provides a goldmine for cyber-criminals.

While I don’t expect client applications to disappear from the app markets as a result of these studies, I do implore carrier and corporate security analysts – and everyday mobile subscribers – to understand and accept the limitations of such software. After all, as with many things in life, you get what you pay for.

Mobile security threats may still be in their infancy, but it is only a question of time before these develop. Desktops may have been around for ages, but mobile security is still growing – this doesn’t mean we should neglect it – if anything it should be implemented now – to protect users from the evolving threats of the future. Moreover, as tablet and smartphone penetration continues to grow, and the consumerisation of IT develops, the data stored on mobile devices will become similar to that on a desktop. Mobile devices will provide hackers with a back door into a company’s network –the chances of employees losing a smartphone or tablet are considerably higher than losing a desktop – therefore mobile security, should not, and could not be ignored.

In my opinion, the main challenge hindering the growth of mobile security, is not the fact that the problem is not severe enough, but instead confusion over where the responsibility for protection against such threats lies. Does responsibility sit with the handset manufacturers, the mobile networks, the organisations or the staff themselves? The answer is in fact a combination of all of the above.

Whilst on-device security measures are becoming more common and certainly have a role to play, they alone cannot offer the levels of protection that users, businesses and mobile operators require. In the modern organisations of today all employees need to be quasi-security officers, while mobile network operators must take the lead in mobile data content and connectivity protection - enabling organisations to protect themselves and their employees.

However, I had little consideration for how my personal and professional worlds might collide until I saw this article from WebPageFx Weekly.In this powerful ‘infographic’, the folks at WebPageFx suggest that global spam has a more-than-insignificant effect on our global Carbon Footprint.

Who would have guessed?

They claim that over 28 million metric tons of CO₂ are expelled into our atmosphere every year as a result of the combined effect of the world’s spammers and while a relatively low percentage is associated with the creation and distribution of spam, over 50% of this amount is related to viewing and deleting spam.

Imagine if the world’s operators could identify and remove spam from their networks before they reached their intended (albeit reluctant) recipients?

While, I’m sure this is only a tiny fraction of the effect we have on our planet and what we leave our descendants, it is encouraging to know that solutions such as Adaptive Mobile’s Network Protection Platform could have such a positive effect.

Companies –including mobile operators - all over the globe are looking for ways to reduce their contribution to GHG (Green House Gases) and I am happy to claim (to some extent) that my professional life is in tune with my personal convictions.

I’m quite sure that bumper stickers announcing “Save the Earth: Filter Spam” won’t take off just yet, but this is an interesting consideration regarding the overall effect spam has on our planet.

The FCC has announced that wireless-phone customers will begin receiving real-time alerts next year if they are about to go over their monthly voice, data or text-message limits. While this is a typical practice for some operators, encouraging all carriers to adopt this practice is a favorable development for both US carriers and their consumers – and, based on carriers’ widespread acceptance of the new standards, they are well aware of this fact. 

Carriers will not benefit in the long run by allowing customers to unassumingly run up large bills.  Such behavior renders consumers prime targets for mobile exploitation, and puts carriers in the hot-seat when it comes time to assign blame. 

I, for one, recently experienced an ‘incident’ whereby I was notified – just two weeks into my monthly billing cycle - that I was at 90% of my monthly data quota. I inspected my data usage online and was surprised to see that at various times over the previous few days, I had been transferring vast amounts of data at 4am in the morning. I called my carrier’s customer care department who suggested (naïvely in my opinion) that data transfer was ‘normal’ and that ‘Android applications are often updated automatically’.

As an informed subscriber I understand that, but over 50Mb of transfers night after night without my knowledge/approval??? Was I a spambot?

And before you ask: yes, I had a client security app installed – and no, it knew nothing of this behavior (a reason to favor network-centric security solutions if I ever heard one).

But bottom-line, I would have known nothing of this had my provider not indicated I was nearing my quota. Therefore, It is essential that as consumers we maintain an awareness of the charges on our bills.

We at AdaptiveMobile have seen cybercriminals exploit the fact that small charges (or data transfers) are most often overlooked.  These charges can be the result of malware, premium SMS usage, or visiting fraudulent websites, and the criminal is counting on the fact that the consumer will not notice the amount.  In one case, we saw an SMS scam net $2 million within a mere period of days, illustrating the unfortunate validity of this threat.

As a result, the introduction of real-time alerts can only be a good thing for mobile users and carriers alike.

I think it is important to read behind the headline and understand the implications of what was being announced, and importantly the voluntary steps being made by BT, Sky, Virgin and Talk Talk. The reality is that this is not about a big brother society, but instead about empowering and enabling families to actively manage their personal choice. In a world where information is available at eveyones fingertips, the crackdown will ultimately allow children of all ages to safely explore the online world and use its capabilities as a learning, entertainment and social tool.

In a multicultural society we do not fit in to a ‘one size fits all’ model. By providing  choice to parents and guardians to select what they want their children to have access to online, is a technology that reflects the reality of our everyday live's.

Power to Mummy and Daddy, not big brother!

Graeme Coffey, Director of Technology Strategy, AdaptiveMobile