So, it's Tuesday morning in London town and I've been up since 6:00 a.m. staring at a monitor, trying to free myself from PowerPoint hell (it's all rock and roll I tell ya!). Anyway, this morning I stumbled across an InfoWorld article entitled “Hackers to target mobile banking, study says.” This article seems to have been spun out of a press release by the Tower Group entitled “Increases in Mobile Fraud and ID Theft Could Hamper Mobile Payment / Banking Initiatives.” The press release, in turn, references a report entitled “Fraud, Virus and ID Theft: Mobile Malware Stands to Create a New Beginning.” While I've not read the report and may not agree with the notion that security issues hamper payment / banking initiatives (just look at the world that is the Internet—yeah, security really hampered that...
The release of the Apple iPhone immediately raised the eyebrows of those in security. The iPhone's operating system is based on OS X and thus, some observers assumed malicious code would be possible and potentially rampant.
However, these concerns were a bit premature. Steve Jobs has confirmed that consumers will not be allowed to install just any third party applications. “These are devices that need to work, and you can’t do that if you load any software on them,” he said. “That doesn’t mean there’s not going to be software to buy that you can load on them coming from us. It doesn’t mean we have to write it all, but it means it has to be more of a controlled environment.” [New York Times]
The lack of the ability to install just any software will greatly mitigate the risk of malicious code on Apple iPhones. Can malicious software exist? Will malicious software exist? Probably, but the amount of malicious software will definitely not be on the scale as it is today...
Back in November, I gave a presentation to a cellular industry conference entitled “Overcoming Mobile IM Security Threats.” The purpose of this presentation was to identify the types of threats that IM has faced in the desktop world, discuss how these threats could move to the mobile world, and cover how threats could be mitigated by operators and independent software vendors before services are launched.
The threats that utilize IM are well documented by Symantec and others. An interesting thing about Mobile IM is that users of these devices can and have started popping up on legacy Internet-based IM networks. There had been talk of operators going down the route of closed IM networks for their subscribers, but now it is clear that some operators are choosing public Internet-based IM networks. This means that these Mobile IM clients...
UMA (Unlicensed Mobile Access) is a set of specifications now known as “Generic access to the A/Gb interface; Stage 2.” The purpose of these specifications is to allow cellular operators to terminate cellular services over unlicensed mediums that utilize IP. The original specifications catered to Bluetooth and WiFi, so the benefits of such a technology should be obvious. In the home or in metropolitan areas, it allows operators to move away from technologies that are costly, slower, higher-latency, or bandwidth-limited. By doing so, they reduce their own costs and improve user experience.
In March 2006, I wrote an internal Symantec paper entitled “UMA Attack Surface Analysis.” The purpose of this paper was to discuss the increased risks that subscribers or operators may be exposed to as a result of deploying UMA technologies. While I’m not...
