Mobile phone capabilities are growing by leaps and bounds - and so are mobile security threats.
Ten years ago, mobile phone subscribers and operators only had to worry about two security threats: eavesdropping and fraud. Most cell phones operated on reallocated UHF-TV channels using conventional FM radio technology. It was ridiculously easy (though illegal) to tap conversations and pluck phone identities off the air to make free international calls. Fraud was a huge problem for cell phone operators.
Those problems largely dissipated as the industry converted to digital radio technology. The 3G technologies being deployed today make hacking cell phones over the air even more difficult and expensive. Unfortunately, as mobile phones become more capable, a constellation of new security threats have emerged.
A growing percentage of mobile phones can download user applications and content over the air. That means they can also download viruses and spyware. Bluetooth is becoming a standard feature on mobile phones, and there are plenty of handsets with Wi-Fi capability. These short-range radio technologies are a potential backdoor for harmful code. Flash memory cards create another entrance to phones that used to have no windows or doors.
According to SMobile Systems, a company specialising in mobile security, there are more than 400 mobile malware threats, predicted to exceed 1,000 by the year-end. Most are viruses, but mobile spyware is on the rise.
New security-related concerns are popping up. Some operators can track the user's movements. However, this is mainly done with GPS-equipped handsets; the user is only automatically located when calling the emergency number.
There also is the spectre of users accessing pornography in public. Camera phones are a recognised security threat at many business and government locations. Finally, with today's high-capacity flash memory cards, cell phones could become vehicles for unauthorised distribution of copyrighted content.
What can be done about the mobile security threats?
There are several ways to thwart delivery of viruses, spyware and pornographic content to mobile phones. One method is to detect and block unwanted content in the mobile operator's core network before it gets to the user's handset. Companies such as Starent Networks produce packet data serving nodes that can use deep packet inspection to detect and remove security threats and unwanted content.
SMobile Systems offers a client-server solution for protecting mobile handsets. The firm believes the ideal security solution for mobile phones is a small footprint client application that is supported and frequently updated by a server application. The frequent updates ensure the client application is always aware of the latest threats. The client monitors for suspicious activity and, if necessary, can shut down associated processes. As handsets become more capable, they are increasingly used in applications such as mobile commerce, making them more attractive targets for hackers.
A distinction needs to be made between malicious mobile spyware and client applications designed to monitor mobile handset use for legitimate purposes. For example, the industry still has much to learn about making mobile applications and content easy to find and use. There is merit to recording and reporting the number of key clicks it takes users to perform specific tasks. And if subscribers would like to see more advertising-supported mobile applications and content, they need to let operators fully exploit the interactive nature of mobile phones. What's important is not that the information is gathered, but that the individual mobile user remains anonymous.
Mobile security threats are on the rise. But there are also ways to use mobile phones to enhance security, for example, sending a text message to the subscriber whenever their credit card is about to be used to make a major purchase. So while there are security risks associated with more capable mobile phones, the risks can be managed, and are partly counter-balanced by the opportunities these devices present for improving security elsewhere.