Official Mobile Security & Innovative Technologies Blog
This blog is managed by Eric Everson "The MobileTech". Everson is the Founder of MyMobiSafe.com the industry leader in verified services. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community in addition to the intricacies of innovative technologies and markets therein.
As a mobile security expert and innovative technologies leader, you can contact me directly at EricEverson@Hotmail.com. I welcome your comments here and I am glad to connect directly if you wish to email me.
Eric Everson is a veteran content contributor at ZDNet.co.uk and explores a variety of topics from innovative technologies to technology-driven business management and strategy.
Tuesday 9 February 2010, 3:01 PM
Malicious Mobile Apps a Growing Concern
Malicious Mobile Apps a Growing Concern
Author: Eric Everson, MBA, MSIT-SE
The phrase “mobile security” does not usually mean much to anyone, until of course they encounter their first mobile attack. For a growing number of App Store and Android Market customers, this is a growing fear that is becoming all too real.
Already in 2010, mobile apps via both the App Store and Android Market, owned by Apple Inc (NASDAQ: APPL) and Google Inc (NASDAQ: GOOG) respectively, have experienced a rise in malicious mobile apps. Often consumers on these popular portals and others like them assume that anything they download to their handsets should be safe. Despite best efforts however, many risky apps from those with harmful embedded source code to those masquerading as legitimate financial services apps are making their way to mobile users.
This rise in mobile threats comes at a time of industry vulnerability as popular app-driven handsets like the Apple iPhone and Motorola Droid are in very high demand. As the app markets are poised for substantial growth in the years ahead, tackling these security issues must remain at the forefront of priorities for industry experts. To combat this problem head-on, MyMobiSafe.com recently launched MyMobiSafe Verified, a service which offers the industry’s first universal verification credentials for app developers. Demand for the MyMobiSafe Verified logo is quickly growing amongst app developers and those shopping for new apps.
App verification is becoming the leading opportunity for legitimate app developers to demonstrate the integrity of their apps in a crowded marketplace that is becoming increasingly at risk from malicious apps. From imposter financial apps to free gaming apps that are phishing for information on handsets, the mobile community is becoming increasingly aware of the importance of such verified services like MyMobiSafe Verified.
As upwards of 10,000 new apps are submitted to these popular app retailers each week, the sheer volume is exposing significant handset-level vulnerabilities. Additionally the growing popularity of the unregulated mobile banking and mobile financial services is attracting an increasing number of hackers into the mobile community.
Securing the Future of Wireless, one App at a time!
To learn more about Eric Everson "The MobileTech" visit his bio.
Author: Eric Everson, MBA, MSIT-SE
The phrase “mobile security” does not usually mean much to anyone, until of course they encounter their first mobile attack. For a growing number of App Store and Android Market customers, this is a growing fear that is becoming all too real.
Already in 2010, mobile apps via both the App Store and Android Market, owned by Apple Inc (NASDAQ: APPL) and Google Inc (NASDAQ: GOOG) respectively, have experienced a rise in malicious mobile apps. Often consumers on these popular portals and others like them assume that anything they download to their handsets should be safe. Despite best efforts however, many risky apps from those with harmful embedded source code to those masquerading as legitimate financial services apps are making their way to mobile users.
This rise in mobile threats comes at a time of industry vulnerability as popular app-driven handsets like the Apple iPhone and Motorola Droid are in very high demand. As the app markets are poised for substantial growth in the years ahead, tackling these security issues must remain at the forefront of priorities for industry experts. To combat this problem head-on, MyMobiSafe.com recently launched MyMobiSafe Verified, a service which offers the industry’s first universal verification credentials for app developers. Demand for the MyMobiSafe Verified logo is quickly growing amongst app developers and those shopping for new apps.
App verification is becoming the leading opportunity for legitimate app developers to demonstrate the integrity of their apps in a crowded marketplace that is becoming increasingly at risk from malicious apps. From imposter financial apps to free gaming apps that are phishing for information on handsets, the mobile community is becoming increasingly aware of the importance of such verified services like MyMobiSafe Verified.
As upwards of 10,000 new apps are submitted to these popular app retailers each week, the sheer volume is exposing significant handset-level vulnerabilities. Additionally the growing popularity of the unregulated mobile banking and mobile financial services is attracting an increasing number of hackers into the mobile community.
Securing the Future of Wireless, one App at a time!
To learn more about Eric Everson "The MobileTech" visit his bio.
Monday 8 February 2010, 2:43 PM
Malicious Mobile Code: What You Need to Know.
Malicious Mobile Code: What You Need to Know.
Author: Eric Everson, MBA, MSIT-SE
The thought of someone hacking into your mobile phone to steal your personal data added to the growing number of mobile threats sounds bad enough, then you come across the industry term “Malicious Mobile Code” and it makes downloading any new mobile app a scary process.
So it sounds like scary stuff, but what is Malicious Mobile Code (MMC) REALLY? If you follow my journal, you know that I’m always knuckle-deep in this kind of stuff, and as a result I’ve lost many good computers and mobile handsets along the way. As threatening as the words may sound, MMC is really an industry catchall phrase that refers to any code that can hinder the operation of a mobile application or device.
Building software is kind of like building a house of cards in that each layer depends on the next to function properly. In software (just as in the house of cards) if you remove or otherwise tamper with a key component it can often corrupt the entire structure. MMC most often attempts to do this very thing by injecting faulty code into a key operating component of your mobile software or Mobile Operating System (MOPS).
Though mobile devices are steadily becoming more sophisticated with added computing power, the reality is that MOPS remain highly vulnerable to such MMC attacks. This is why third-party mobile security software is becoming so important to have on your mobile device. Many of the mobile security solutions on the market today block the MMC similar to antivirus software for a computer.
Additionally, the demand for mobile app-driven handsets is significantly on the rise which is putting many users at greater risk.
Often consumers on the most popular app retail portals assume that anything they download to their handsets should be safe. Despite best efforts however, many risky apps from those with harmful embedded source code to those masquerading as legitimate financial services apps are making their way to unsuspecting mobile users.
This issue has created new demand for services like MyMobiSafe Verified, the first service of its kind that offers a formal review and validation of new mobile apps across every platform (iPhone, Android, BlackBerry, Symbian, Java, Orange, and all others). By creating an environment where developers and the mobile community alike are looking for the confidence of the MyMobiSafe Verified mark, this creates a significant hurdle for unwanted Malicious Mobile Code in the market.
MMC can range from the simplest corrupt code to the worst mobile viruses, yet the phrase and acronym remains as an industry catch all. As a software engineer and one with substantial frontline experience with this kind of code, my words of wisdom are to be cautious of anything that you are loading onto your handset. If it is free, remember that old adage that suggests “nothing good comes free.” In too many cases of mobile apps, free means that there is something else behind the curtains. Start looking for verified apps before you buy them as they will often display an industry-wide recognizable logo. Finally, remember that not all MMC is created equal, in many cases damage is not permanent and can often be repaired by a professional.
Author: Eric Everson, MBA, MSIT-SE
The thought of someone hacking into your mobile phone to steal your personal data added to the growing number of mobile threats sounds bad enough, then you come across the industry term “Malicious Mobile Code” and it makes downloading any new mobile app a scary process.
So it sounds like scary stuff, but what is Malicious Mobile Code (MMC) REALLY? If you follow my journal, you know that I’m always knuckle-deep in this kind of stuff, and as a result I’ve lost many good computers and mobile handsets along the way. As threatening as the words may sound, MMC is really an industry catchall phrase that refers to any code that can hinder the operation of a mobile application or device.
Building software is kind of like building a house of cards in that each layer depends on the next to function properly. In software (just as in the house of cards) if you remove or otherwise tamper with a key component it can often corrupt the entire structure. MMC most often attempts to do this very thing by injecting faulty code into a key operating component of your mobile software or Mobile Operating System (MOPS).
Though mobile devices are steadily becoming more sophisticated with added computing power, the reality is that MOPS remain highly vulnerable to such MMC attacks. This is why third-party mobile security software is becoming so important to have on your mobile device. Many of the mobile security solutions on the market today block the MMC similar to antivirus software for a computer.
Additionally, the demand for mobile app-driven handsets is significantly on the rise which is putting many users at greater risk.
Often consumers on the most popular app retail portals assume that anything they download to their handsets should be safe. Despite best efforts however, many risky apps from those with harmful embedded source code to those masquerading as legitimate financial services apps are making their way to unsuspecting mobile users.
This issue has created new demand for services like MyMobiSafe Verified, the first service of its kind that offers a formal review and validation of new mobile apps across every platform (iPhone, Android, BlackBerry, Symbian, Java, Orange, and all others). By creating an environment where developers and the mobile community alike are looking for the confidence of the MyMobiSafe Verified mark, this creates a significant hurdle for unwanted Malicious Mobile Code in the market.
MMC can range from the simplest corrupt code to the worst mobile viruses, yet the phrase and acronym remains as an industry catch all. As a software engineer and one with substantial frontline experience with this kind of code, my words of wisdom are to be cautious of anything that you are loading onto your handset. If it is free, remember that old adage that suggests “nothing good comes free.” In too many cases of mobile apps, free means that there is something else behind the curtains. Start looking for verified apps before you buy them as they will often display an industry-wide recognizable logo. Finally, remember that not all MMC is created equal, in many cases damage is not permanent and can often be repaired by a professional.
Wednesday 3 February 2010, 3:16 AM
iPad on Lockdown: Apple Faces a Twist of Intellectual Property Law
iPad on Lockdown: Apple Faces a Twist of Intellectual Property Law
Author: Eric Everson, MyMobiSafe.com
Imagine that you have this great product idea and a catchy brand name for it too. As managers, we have all been there at some point or another. Grandiose ideas of being patted on the back and welcomed into the inner circle of the executive leadership team come to mind as you envision all the profit your company is going to earn with this revolutionary new product… then the USPTO (US Patent and Trademark Office) snaps you back to reality as you discover that it’s already been done before!
As a U.S. Company, this is the epiphany that Apple Inc (NASDAQ:AAPL) either failed to acknowledge or figured they had the treasury and legal muscle to flex. As it turns out the iPad, is not a new product in the world of technology, in fact as even some of us more techy types may remember, it was Fujitsu that actually introduced the first iPad. Don’t just take my word for it, just look it up for yourself at USPTO.gov (Hint: start with US Patent: 7,228,469).
How accurate does this sound? “Portable information device, … portable information device, and computer product” If that sounds like one of Steve Jobs’ lines for promoting the new Apple iPad, think again as that text was literally copied verbatim from the Fujitsu owned US Patent: 7,228,469. It would seem that Apple Inc has stepped into the ring with Fujitsu, which is a leading Japan-based company with a beefy balance sheet and domestic access to the legal system that should certainly make Steve Jobs and team consider their next moves carefully.
As I understand it Apple has until February 28, 2010 to decide to fight for the name at the USPTO. The new Apple iPad has iPhone app developers frantic as their current content will lose significant resolution when displayed in full screen on the iPad. Apple released a new SDK exclusive to the iPad this week, which has many developers contemplating if they should invest the time in redeveloping and transferring their product to the iPad.
While the future may bring about a balance where app content can be shared from iPad to iPhone (and back) with ease, in the interim we are granting a specialized MyMobiSafe Verified package that covers content unique multiplatform apps. This will allow app developers to earn their MyMobiSafe Verification for either their iPhone App or their iPad app and use the same credentials at no added cost.
Apple is no stranger to big lawsuits and legal action, but for now, it seems this twist of intellectual property law has plans for the Apple iPad on lockdown.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Author: Eric Everson, MyMobiSafe.com
Imagine that you have this great product idea and a catchy brand name for it too. As managers, we have all been there at some point or another. Grandiose ideas of being patted on the back and welcomed into the inner circle of the executive leadership team come to mind as you envision all the profit your company is going to earn with this revolutionary new product… then the USPTO (US Patent and Trademark Office) snaps you back to reality as you discover that it’s already been done before!
As a U.S. Company, this is the epiphany that Apple Inc (NASDAQ:AAPL) either failed to acknowledge or figured they had the treasury and legal muscle to flex. As it turns out the iPad, is not a new product in the world of technology, in fact as even some of us more techy types may remember, it was Fujitsu that actually introduced the first iPad. Don’t just take my word for it, just look it up for yourself at USPTO.gov (Hint: start with US Patent: 7,228,469).
How accurate does this sound? “Portable information device, … portable information device, and computer product” If that sounds like one of Steve Jobs’ lines for promoting the new Apple iPad, think again as that text was literally copied verbatim from the Fujitsu owned US Patent: 7,228,469. It would seem that Apple Inc has stepped into the ring with Fujitsu, which is a leading Japan-based company with a beefy balance sheet and domestic access to the legal system that should certainly make Steve Jobs and team consider their next moves carefully.
As I understand it Apple has until February 28, 2010 to decide to fight for the name at the USPTO. The new Apple iPad has iPhone app developers frantic as their current content will lose significant resolution when displayed in full screen on the iPad. Apple released a new SDK exclusive to the iPad this week, which has many developers contemplating if they should invest the time in redeveloping and transferring their product to the iPad.
While the future may bring about a balance where app content can be shared from iPad to iPhone (and back) with ease, in the interim we are granting a specialized MyMobiSafe Verified package that covers content unique multiplatform apps. This will allow app developers to earn their MyMobiSafe Verification for either their iPhone App or their iPad app and use the same credentials at no added cost.
Apple is no stranger to big lawsuits and legal action, but for now, it seems this twist of intellectual property law has plans for the Apple iPad on lockdown.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Wednesday 27 January 2010, 3:19 PM
Is Mobile Banking Safe: Redefining Mobile Security through App Verification
Is Mobile Banking Safe: Redefining Mobile Security through App Verification
Author: Eric Everson, Founder MyMobiSafe.com
I was told with optimism recently that there is an upswing expected in the use of mobile banking services in the year ahead for key markets within the US and EU. The trouble is however, this growth is hinged on one MAJOR hurdle which is security.
Just the other week for example, news spread from media sources like USAToday.com confirmed that Google (NASDAQ:GOOG) removed more than 50 mobile banking apps from its Android Marketplace. These apps were just a few of the growing number of phishing apps that hackers are releasing into the financial services sector of mobile banking. The questions on the minds of many is, “How could this happen and is my mobile banking app safe?”
The problem is that until recently there has not been a third-party verification process to ensure the security of these apps, which is exactly why many have started looking for the MyMobiSafe Verified logo before they buy or use their apps. MyMobiSafe.com has introduced the wireless industry’s first verification process for app developers. What makes the company standout is that they work directly with app developers to credential mobile apps across all platforms. From Symbian and BlackBerry apps to Java and Android apps, MyMobiSafe Verified is certainly putting its mark on the industry.
As a mobile security professional, I literally come in contact with thousands of apps in a given week and one thing that is missing from 99% of them is an element of security. The reality is that app users want apps that are fast loading and easy to use; adding in security features to these apps more often than not makes them too robust and slow. In a market where app developers are sometimes making pennies on the dollar from each app they sell, sacrificing the user experience is not worth adding burdensome security protocols.
Mobile banking apps often have more security built-in, but without a verified logo from a credible third party, users simply just do not know what apps they can trust. Digging deeper into the issue of the phishing apps that are becoming so popularized in mobile financial services, mobile security solutions on your handset will not make your information more secure if you are voluntarily putting it into these dangerous apps. This is not to discount the importance of mobile security software on your handset as the state of device-level security remains very limited on most mobile phones.
Mobile verification is a new method that is redefining the way we view security as a mobile community. People are starting to look for the seal of approval from services like MyMobiSafe Verified before they use new mobile apps. This is a paradigm shift from the days when it seemed that any app downloaded from a reputable mobile content distributor (i.e. App Store, Android Marketplace, BlackBerry App World, GetJar, and others) was considered harmless. Today more than ever, the uptick in popularity of mobile financial services is being targeted. Without an authenticated MyMobiSafe Verified logo, how do you REALLY know your app is safe?
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Ref:
http://content.usatoday.com/communities/technologylive/post/2010/01/google-removes-banking-apps-from-android-marketplace/1
Author: Eric Everson, Founder MyMobiSafe.com
I was told with optimism recently that there is an upswing expected in the use of mobile banking services in the year ahead for key markets within the US and EU. The trouble is however, this growth is hinged on one MAJOR hurdle which is security.
Just the other week for example, news spread from media sources like USAToday.com confirmed that Google (NASDAQ:GOOG) removed more than 50 mobile banking apps from its Android Marketplace. These apps were just a few of the growing number of phishing apps that hackers are releasing into the financial services sector of mobile banking. The questions on the minds of many is, “How could this happen and is my mobile banking app safe?”
The problem is that until recently there has not been a third-party verification process to ensure the security of these apps, which is exactly why many have started looking for the MyMobiSafe Verified logo before they buy or use their apps. MyMobiSafe.com has introduced the wireless industry’s first verification process for app developers. What makes the company standout is that they work directly with app developers to credential mobile apps across all platforms. From Symbian and BlackBerry apps to Java and Android apps, MyMobiSafe Verified is certainly putting its mark on the industry.
As a mobile security professional, I literally come in contact with thousands of apps in a given week and one thing that is missing from 99% of them is an element of security. The reality is that app users want apps that are fast loading and easy to use; adding in security features to these apps more often than not makes them too robust and slow. In a market where app developers are sometimes making pennies on the dollar from each app they sell, sacrificing the user experience is not worth adding burdensome security protocols.
Mobile banking apps often have more security built-in, but without a verified logo from a credible third party, users simply just do not know what apps they can trust. Digging deeper into the issue of the phishing apps that are becoming so popularized in mobile financial services, mobile security solutions on your handset will not make your information more secure if you are voluntarily putting it into these dangerous apps. This is not to discount the importance of mobile security software on your handset as the state of device-level security remains very limited on most mobile phones.
Mobile verification is a new method that is redefining the way we view security as a mobile community. People are starting to look for the seal of approval from services like MyMobiSafe Verified before they use new mobile apps. This is a paradigm shift from the days when it seemed that any app downloaded from a reputable mobile content distributor (i.e. App Store, Android Marketplace, BlackBerry App World, GetJar, and others) was considered harmless. Today more than ever, the uptick in popularity of mobile financial services is being targeted. Without an authenticated MyMobiSafe Verified logo, how do you REALLY know your app is safe?
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Ref:
http://content.usatoday.com/communities/technologylive/post/2010/01/google-removes-banking-apps-from-android-marketplace/1
Monday 25 January 2010, 3:51 PM
Verified Mobile Apps?
Verified Mobile Apps?
Author: Eric Everson
Verified services are nothing new to the digital environment; simply look at the success of Verisign, Inc (NASDAQ: VRSN), a company which offers a variety of Internet and communications-related services. While offering a myriad of services all targeting computing industry, VeriSign is perhaps most recognized by its Certificate Services (verification) logo. As the digital environment became riddled with malware, verification quickly took a leading role toward improving digital security and essentially paved the way for eCommerce as we know it today. With smartphones quickly stepping into digital territory which was recently exclusive to computers, verified services are going mobile.
If you perform a Google search for “Verified Mobile Apps” you are certain to encounter JavaVerified, which is Sun Microsystems (NASDAQ: JAVA) verified service arm for Java developers. The Java Verified Program is exclusively for Java apps for the mobile and computing environments. As you scan through your Google search what you will likely also see is information about MyMobiSafe.com, who has released MyMobiSafe Verified, the wireless industry’s first verified services that caters to mobile app developers exclusively. While MyMobiSafe is emerging as the leader in verified mobile apps and mobile verification services, it is truly the rise in security related issues within the mobile environment that has introduced a need for such services.
From the iPhone (NASDAQ: AAPL) to the myriad of new mobile devices arriving with the Android Operating System (NASDAQ: GOOG), mobile users are hungry for new apps. This has led to the introduction of mobile malware cloaked as legitimate apps (already found in both platforms in 2010). This has app developers scrambling to identify a credential, like MyMobiSafe Verified, that “would be customers” could recognize to differentiate their apps from those that could be tainted by hackers.
MyMobiSafe Verified introduces a comprehensive five phase verification process, which is designed to document, test, and sign mobile apps to ensure their security within the mobile community. Where many app developers may forego built-in security protocols due to the threat of hindering their apps performance, MyMobiSafe Verified provides a unique affordable alternative. With mobile apps for financial services on the rise (banking, money transfer, ePayments, etc) the need for verification is certain throughout the mobile industry. For anyone who has ever put their money where their mobile is, the fears can be all too real.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Author: Eric Everson
Verified services are nothing new to the digital environment; simply look at the success of Verisign, Inc (NASDAQ: VRSN), a company which offers a variety of Internet and communications-related services. While offering a myriad of services all targeting computing industry, VeriSign is perhaps most recognized by its Certificate Services (verification) logo. As the digital environment became riddled with malware, verification quickly took a leading role toward improving digital security and essentially paved the way for eCommerce as we know it today. With smartphones quickly stepping into digital territory which was recently exclusive to computers, verified services are going mobile.
If you perform a Google search for “Verified Mobile Apps” you are certain to encounter JavaVerified, which is Sun Microsystems (NASDAQ: JAVA) verified service arm for Java developers. The Java Verified Program is exclusively for Java apps for the mobile and computing environments. As you scan through your Google search what you will likely also see is information about MyMobiSafe.com, who has released MyMobiSafe Verified, the wireless industry’s first verified services that caters to mobile app developers exclusively. While MyMobiSafe is emerging as the leader in verified mobile apps and mobile verification services, it is truly the rise in security related issues within the mobile environment that has introduced a need for such services.
From the iPhone (NASDAQ: AAPL) to the myriad of new mobile devices arriving with the Android Operating System (NASDAQ: GOOG), mobile users are hungry for new apps. This has led to the introduction of mobile malware cloaked as legitimate apps (already found in both platforms in 2010). This has app developers scrambling to identify a credential, like MyMobiSafe Verified, that “would be customers” could recognize to differentiate their apps from those that could be tainted by hackers.
MyMobiSafe Verified introduces a comprehensive five phase verification process, which is designed to document, test, and sign mobile apps to ensure their security within the mobile community. Where many app developers may forego built-in security protocols due to the threat of hindering their apps performance, MyMobiSafe Verified provides a unique affordable alternative. With mobile apps for financial services on the rise (banking, money transfer, ePayments, etc) the need for verification is certain throughout the mobile industry. For anyone who has ever put their money where their mobile is, the fears can be all too real.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Previous
