MyMobiSafe.com Official Mobile Security Blog
This blog is managed/edited by Eric Everson, Founder of MyMobiSafe.com. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community.
Thank you for taking the time to review my blog, I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a graduate student of software engineering. As a mobile security expert, I am glad to answer any questions you may have on the topic: EricEverson@Hotmail.com
Saturday 8 March 2008, 4:34 PM
iPhone Goes Third-Party: Security Over Functionality?
iPhone Goes Third-Party: Security Over Functionality?
By: Eric Everson, Founder MyMobiSafe.com
It’s been a few days since the iPhone SDK release, so as the notorious “Mobile Security Guru Guy” I wouldn’t be doing my part if not sharing my initial impressions. As many third-party developers have been speculating “what if” scenarios for months, much of that chatter has been put to rest.
As a mobile application developer, I had to at least sit down with the iPhone SDK to take a tour for myself. Interestingly among the first things I noticed was that the iPhone SDK requires the use of iPhone proprietary API’s. For developers, this means that dreams of hybrid applications in pursuit of iPhone compatibility are basically out. Additionally this takes us to the next road block of the built-in “brick wall data sharing” limitations.
Essentially my concept of the “brick wall” as it relates to the iPhone SDK prevents third-party applications from writing data to any other program of the iPhone. For developers this is where the “brick wall” becomes a hurdle as cross-referencing and application mods are stifled. For iPhone users on the other hand, this is great news for handset level security. This “brick wall” characteristic of the iPhone SDK is designed to prevent the executable features of mobile malware. This means that as iPhone users run third-party content, they don’t have to fear masked-malware.
The greatest limitation that I see in the SDK piggyback Michael Arrington’s issues about background applications. Essentially the iPhone SDK prevents third-party apps from running in the background. As Arrington pointed out, this creates significant issues for traditional background applications such as instant messaging applications. When an iPhone user switches tasks (i.e. when answering a call) the application shows logged out. Naturally this is a major obstacle for potential business applications.
With mobile security at the forefront, the iPhone remains among the most secure handsets. Even with an SDK that encourages third-party development, the security seemingly outweighs functionality.
Cheers,
Eric Everson “The Mobile Security Guru” : )
Founder, MyMobiSafe.com
Friday 22 February 2008, 8:01 PM
On Mobile Security: Sony CEO Suggests Just Throwing Your Handset Away
On Mobile Security: Sony CEO Suggests Just Throwing Your Handset Away
By Eric Everson, Founder MyMobiSafe.com
It frightens me as a mobile security expert and cell phone user alike to see such a lack of mobile security awareness in the wireless industry. Today I caught the C-SPAN2 coverage of the World Economic Forum on the Future of Mobile Technology, and I must say one comment definitely threw up a red flag.
The panel consisted of many influential leaders in wireless including Sony Chairman and CEO, Sir Howard Stringer. The comment that was jaw-dropping and has provided some comic relief at the MyMobiSafe.com headquarters was made by Sir Howard. When an audience member brought up issues of mobile security, Sir Howard stumbled on the question and slipped out the response, “If the handset were infected I guess you could just throw it away.”
Perhaps in a nutshell that sentence alone summaries all of the qualms that mobile security providers face in today’s wireless industry. Those at the top see their products as disposable, neglecting the possibility that their customers actually felt the financial burden of purchasing their new handset. Granted, Sony has no “iPhone” to speak of but the company still offers a slew of upper-end handsets such as their W960i. Handset costs aside, the providers and manufacturers alike have no concept of protecting proprietary data on the handset. I know countless people that use their handsets to exchange inside business related information (competitive pricing particularly).
How can someone at the head of such a potentially influential wireless company seemingly have missed the entire mobile security boat? To paraphrase, “What your phone has been attacked by malware? No worries, just chuck it and run out to buy yourself a new one.” Besides, why should those at the top care about the handset security of the end user? If your phone is rendered useless by a virus or other form of malware, they are just going to make more money when you buy a new phone.
Okay, I’ll curb the rant but surely I can’t be the only one stunned by the lack of concern for handset security. Then again, it seems that mobile technology is moving too fast for many of the good old boys running the industry these days.
Your friend and mobile security guru,
Eric Everson
Eric Everson, Founder
MyMobiSafe.com
Thursday 14 February 2008, 5:18 PM
BlackBerry Outage – You Say System Upgrade, I Say Achilles Heel…
BlackBerry Outage – You Say System Upgrade, I Say Achilles Heel…
Eric Everson, Founder MyMobiSafe.com
Research In Motion (RIM) is in the hot-seat this week as millions were without their BlackBerry service. RIM offered a public apology for what is the second outage in less than a year and later suggested the outage was due to an issue arising from a system upgrade.
As the Founder of MyMobiSafe, my email has been inundated as people worried about a virus or other malware that could have been responsible for the outage. Though RIM is continuing to investigate their issue, this outage stands as a beacon of vulnerability that stems from the centralized approach that RIM uses for the BlackBerry platform. As users (and hackers alike) have drawn from this instance, the central management approach of RIM puts BlackBerry users at an extreme risk. The official statement from RIM suggested “…a problem with an internal data routing system within the BlackBerry service infrastructure that had been recently upgraded.” This “upgrade” may just stand as a precursor of public opinion “downgrade” that the brand stands to face without a serious reconsideration of their existing network architecture.
As it stands today the centralized network architecture of RIM has become the Achilles heel of the brand. As even the Canadian Press highlights, “The concentration of RIM's BlackBerry service at a single network operation centre in the Ontario city of Waterloo, through which traffic such as e-mails are routed, exacerbates such problems and leaves it open to more crashes.” In an era of affordable SONET broadband infrastructure and POP (Point of Presence) Mirrors one must begin to question the current network model that RIM employs. Though I applaud the BlackBerry platform for the range of third party content, this outage under the existing network design casts significant attention onto the brand with regards to mobile security.
As all providers tout mobile security at the network level providing no credence to the handset level of mobile protections, one must ask how safe is the content being shared via the BlackBerry. If at a network level everything is routed through a bottleneck configuration it likely doesn’t take the Founder of MyMobiSafe.com to point out that there may be some mobile security issues users should consider. So rather than just bash the mobile security vulnerabilities of the BlackBerry and RIM network architecture, I’ll offer up a few suggestions that may help the brand recover into the future… after all nobody wants to see the “CrackBerry” become a thing of once upon a time technology.
How does a company like RIM dust themselves off after a debacle like this that carries the foreshadowing potential of tarnishing the brand into the future? The first thing that needs to happen is a renewed commitment to network infrastructure. The company must take an if/then approach to their backend designs. Additionally, a renewed commitment to mobile security must be made publicly to encompass the network and handset level vulnerabilities. Taking on a mobile security partner is likely a great step in this direction. Additionally the company must continue to operate with foresight into the future of the platform. What is going to carry this device into the future? Why can’t users live without this device in place of another offering in the marketplace?
As a word of recommendation however headlines like “RIMs co-CEO downplays BlackBerry Outage” stand to destroy the future merit of the brand. This outage is nothing to sweep under the rug as the technology savvy consumer (from the CIO to the entry level user) is already beginning to question the integrity of the BlackBerry service. As millions across the world conduct business via their BlackBerry (from Firefighters to Financial Analysts) now is no time to have the integrity of the service called into question. I say take the steps to correct the issues and use this opportunity to carry the brand forward. It may prove to be a critical mistake to dismiss this outage as a number of viable alternatives are competing for the RIM market share of the wireless industry.
Cheers from your friend and mobile security expert,
Eric Everson, Founder MyMobiSafe.com
Thursday 31 January 2008, 1:11 AM
iPhone Users Beg For Universal Mobile Torrent Innovation
iPhone Users Beg For Universal Mobile Torrent Innovation
By Eric Everson, Founder MyMobiSafe.com
Despite the risky potential that Universal Mobile Torrents (UMTs) represent the lack of UMTs in the wireless industry is but a gaping hole in mobile content delivery. Torrent technologies ripped through the computer industry via peer-to-peer file sharing, yet the starved for content iPhone users are becoming equally as hungry throughout the mobile industry.
Today buzz sites (pun intended) like MobiShaker.com have come online for iPhone users that are seeking new content. MobiShaker is a new site that places your favorite drink recipes in the palm of your hand so you can better enjoy your role as a bartender, be it for fun or by profession. The thing is that with all of the advances that the iPhone represents, the content that users are begging for is stifled by the lack of UMT delivery.
As handsets advance, the thirst for quality mobile content continues to rise. We all love the added functionality of handsets, but what good is it without loads of content? The UMT represents the next generation of torrent technology. As developers are beginning to work together the reality of early UMTs will certainly be forthcoming. Today there are mobile torrents designed at the OS level for every major mobile Operating System, but the UMT is still the Eleanor (yes that’s a Gone In 60 Seconds reference) of the industry.
By design a UMT can cross all OS barriers to pass content between all handsets. While mobile torrents have already arrived, a true UMT is yet to emerge. For the average handset user, the opportunity that a UMT offers is essentially the key to Pandora’s Box of mobile content goodies. So while you can now get all of your favorite drink recipes via your internet ready phone, that’s just the tip of the proverbial iceberg.
Your friend and mobile guru,
Eric Everson, Founder
MyMobiSafe.com
Friday 4 January 2008, 12:36 AM
AT&T Driving Mobile Open Source Into The New Year
AT&T Driving Mobile Open Source Into The New Year
By Eric Everson, Founder MyMobiSafe.com
It’s been almost a month since Leslie Cauley of USA Today quoted AT&T Wireless CEO Ralph de la Vega in saying “We are the most open wireless company in the industry.” These AT&T claims stand as a bold announcement in the eyes of U.S. mobile software developers, who are accustomed to content restrictions that wireless carriers such as Verizon impose. Restrictions throughout the U.S. wireless industry prevent millions of capable handsets from accessing an abundance of multimedia content. In a surprise bear hug for open source, AT&T Mobility is making friends with many mobile software engineers and developers alike. By embracing the open source movement in wireless, AT&T has set the standard by which all U.S. wireless businesses will be judged through 2008.
As the founder of MyMobiSafe.com, the open source movement in wireless represents a great opportunity for developers to drive the industry into the future. Sure, there will be security concerns along that way (which is where we come in), but collectively open source in mobile is like industry deregulation on a private level. AT&T’s move to embrace open source is exactly what the global wireless industry needs. While this is exciting news for many in wireless, don’t expect that juicy iPhone to be grandfathered into AT&T’s open source movements. As de la Vega said, “The iPhone is a very special, innovative case."
It is easy to see why 2008 is being marked as the year of mobile open source. The move towards open source bodes well for cell phone users and third-party developers alike. The days of universal mobile compatibility are on the horizon, which is paving the future for those of us driving innovative mobile technologies.
Hats off to AT&T Wireless!
Your friendly mobile security expert and mobi guru,
Eric Everson, Founder
MyMobiSafe.com
Ref:
http://www.usatoday.com/tech/wireless/phones/2007-12-05-att_N.htm
Previous
