Mobile Devices – the portable threat

Nigel Phair

Nigel is Director of the Centre for Internet Safety, University of Canberra and for nearly five years was the Team Leader investigations at the Australian High Tech Crime Centre. He has published two books on the international dimension of cyber crime and lectures widely at Australian academic institutions. Follow Nigel on twitter @nphair

I remember with fondness the early 1990s, particularly when mobile phones transitioned from analogue to digital.  Back then Nokia and Motorola had the market cornered as they produced the first ‘flip’ phones and all of us who owned one wore them with pride inside faux leather cases attached to our belts.  The monthly plans meant making calls were too expensive but every now and then someone rang us and that made it all worth it.

Who was to think a decade or so later we would all be carrying the ubiquitous smart phone and the handset market stranglehold would now be from a different US company and a couple of Asian tech behemoths. 

It is a similar story for PCs.  Back in the 1990s, home Internet users were saved from having their machines compromised and utilised as part of a botnet, due to on/off dial-up connectivity and ridiculously slow system memory.  Our phones were also safe because no one had built web-browsing capabilities in them yet.

The 3rd annual eCrime Symposium - Ctrl, Alt, Del: Resetting the Agenda will take place 8 & 9 November 2011 at the Ann Harding Conference Centre, University Drive Sth, University of Canberra.  

Time marches on and our constantly online life, while giving us many benefits, has also exposed a seedy underbelly of the Internet in terms of content.  The superfast desktop has allowed criminals to trick us surreptitiously into their robot network, which they utilise for a range of criminal activity including denial of service attacks.

Now that our phones are Internet-enabled, what will happen if botnets, or large networks of infected computing devices, gain a solid foothold on mobile devices?  They could be used to create a distributed denial of service attack against other users or on the cellular network itself, inconveniencing or worse thousands of mobile phone customers.

The mobile communications field is evolving so quickly; learning from the home computer experience presents a unique opportunity to design security properly.

The only handset manufacturer to address mobile security properly so far is RIM with their popular Blackberry devices, which have become the must-have accessory for government employees due to the rigorous security standards they have met (or surpassed).  Added to this is the Blackberry Playbook tablet, which allows the viewing of Flash websites and HD movies.  But RIM has seen its share of the smartphone market drop across worldwide markets as users flock to Apple/Google/Microsoft platforms –brand loyalty is out the window as users seek a device to use for both work and leisure.

RIM's near dominance in the enterprise mobility space is eroding slowly, including competition from Microsoft's Exchange Server using ActiveSync, but BlackBerry still rules when it comes to enterprise security and manageability.

BlackBerry devices are well known for their excellent keyboards and security offerings, but, in the social market, the average smartphone user couldn't care less what goes on behind the scenes, as long as their devices work when they need them.

As mobile phone coverage increases, smartphone botnets could be used for familiar crimes such as spam, and DDoS.  Smartphone vulnerabilities need to be categorised against its use to clearly define between business and personal users.  A virus hidden within a smartphone app could be used from something as simple as tracking the user, to aggregating data to deliver targeted advertising, through to collecting corporate intellectual property secrets, which may be a boon during competitive contract negotiations.  The recent Sophos report on securing mobile workers suggests the use of remote wipe, mobile device encryption and anti-theft technologies to reduce data breach risk.

According to Gartner, there were 80 million smartphones sold worldwide in Q3 2010 alone.  The number of handsets combined with the richness of information contained within makes it a case or ‘when’ and not ‘if’ smartphones will become compromised?  And what of phones becoming ‘bots’?  I will be looking with interest for the security researcher who can come up with an appropriate funky name for mobile botnets.

 

Most recent blogs from Nigel Phair:

Five Eyes

The 2011 Convention on Cybercrime is the first international treaty on crimes committed via the Internet and other computer networks and seeks to harmonise the domestic criminal substantive law elements of offences and connected provisions in the area of cyber crime.

Creating the digital citizen

Digital content is the foundation of modern society and the NBN will deliver it super-fast to everyone’s door. It is in such matter that knowledge is stored and subsequently extracted and exploited, often resulting in social and productivity gains.

Tags: smartphones, mobile devices, Motorola, botnets, Nokia, ubiquitous smart phone, ActiveSync, RIM, Blackberry, threats, Gartner

Show Comments