Back in August 2005, one of the first reported cases of mobile security was publicised at the World Athletics Championships in Finland, where there was an outbreak of the cabir mobile phone virus affecting dozens of users at the stadium.
Since then, an increasing number of attacks have taken place, perhaps the largest of which took place in March of this year, where 200 million Chinese mobile users were spammed with unwanted text messages from advertisers. The incident, now referred to as ‘Text Message Gate’ by the Chinese media, put the spotlight firmly on operators to increase awareness of mobile security for users. Indeed, a recent survey by Decipher Inc said that 85% of respondents said enterprises should deploy protection on any mobile device accessing data or systems.
Naturally, the consumer does need to accept some responsibility to ensure their phone is looked after responsibly, as does the handset manufacturer, who can offer encryption technology. However, it also falls to the mobile operators to provide appropriate and tailored solutions that ensure an enterprise’s high risk data is secure.
Experts have long discussed the potential threats to mobile devices, but many people assume that the PC security model of software downloads and firewalls is the answer. Yet with the variety of handsets available this is not
the most effective option. Adding to the complexity is the range of communication methods that can be carried out on a smart phone, such as email, SMS, MMS, web and WAP access, and along with them a whole host of mobile security threats such as mobile spam, viruses and phishing.
Handset-based solutions are also limited as they only protect 1% of mobile users. With mobile devices constantly being upgraded and replaced with higher specification devices, security software is often quickly outdated.
The answer, therefore, lies with the mobile operators. Having multiple sources on offer is therefore the best approach and key to the mix must be a range of security solutions deployed from operators. Currently many network operators voluntarily police potential fraudsters but as messaging services continue to grow and become more complex, networks need a comprehensive range of features such as anti-spam and virus filtering software, EIR systems and blacklisting, anti-spoofing and anti-flooding technology.
Mobile operators need to deploy mobile security tools and services to ensure their subscribers are protected. For under 18s and other vulnerable users, a mobile operator can empower parents to control who can contact their children, and the types of content they are willing to receive. This can be done through content controls which allow parents to prevent children from accessing inappropriate web and WAP sites; receiving unwanted and unsolicited messages such as phishing attempts, bullying and harassment, pornographic images by MMS; or subscription to unwanted premium rate messaging services.
For corporate organisations, operators can not only provide subscribers with the means to enforce corporate usage policies (ensuring mobile data compliance to existing LAN acceptable use policies) but can also extend this capability from internet access to embrace messaging and safeguard users from spam, phishing and virus attacks, while also protecting the operator’s network.
Using a variety of mobile security technologies, including anti-spam and anti-spoof, and next generation gateway operators can detect abnormal patterns in messaging traffic, confirm legitimate senders, filter content and block suspicious messages. Filtering content also helps the fight against the spread of viruses and trojans. Blacklisting permits users to block certain phone numbers and incoming messages coming from these phones whilst EIR systems have proved to be a very useful tool in handset fraud prevention.
But it is not only the end users who are affected. The mobile operators’ networks can also be affected by SMS fraud leading to revenue loss between operators. Studies of operator traffic show that typically 1% to 2% of all traffic carried may be spoofed or faked, which for the large messaging volumes carried, result in direct costs.
By providing corporate organisations with a combination of virus filters, subscriber controls and individual profiles, operators can help equip enterprises with the tools they need to protect their data and reputation.
Growing mobile messaging and data revenues depends upon the growth of accessible mobile content. However without controls, users are potentially subject to harassment, unsolicited messaging, inappropriate content and fraud.
Unless addressed, these concerns will inhibit the growth of mobile phone penetration in new segments, and the usage of messaging and data. Without the ability to preserve privacy through managing content and access, a user has one choice - suffer or switch off the service.
Airwide Solutions is a provider of next generation mobile messaging and wireless internet infrastructure, applications and solutions.
visit www.airwidesolutions.com |