MyMobiSafe.com Official Mobile Security Antivirus Solutions Blog
This blog is managed/edited by Eric Everson, Founder of MyMobiSafe.com. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community.
Thank you for taking the time to review my blog, I am Eric Everson and I am a mobile application developer and self-proclaimed mobile threat hunter. I also manage a blog at MySpace which serves as a journal regarding my startup venture of MyMobiSafe.com available at http://blog.myspace.com/mymobisafe.
Thursday 15 May 2008, 5:15 PM
Mobile Linux Better For Mobile Business Apps?
Mobile Linux Better For Mobile Business Apps?
Author: Eric Everson, MyMobiSafe.com
As mobile Linux is carving it’s footprint on the future of mobile application development, the implication for enterprise applications is also paramount. Does mobile Linux lend itself better to the commercial needs of mobile technologies?
As a mobile security expert, the greatest feature of mobile Linux today is the scarcity of its deployment in the context of third-party applications. From an enterprise perspective one might draw contradiction in that statement, but from a security perspective less is more often more. As mobile attacks are typically designed for the largest stage available, mobile Linux remains obsolete as it is but a blip on the proverbial radar. Additionally in favor of enterprise deployment, mobile Linux provides greater creative control for those new to mobile application development.
Mobile Linux has been praised for its ease of use and adaption into non-traditional developments. As many businesses are seeking to develop internal core applications around their mobile resources, mobile Linux lends itself to this arena while presenting less security vulnerabilities. Within today’s industry dynamics mobile Linux platforms are subject to much less in the way of security breach, while other applications more commonly available contend with hack after hack. As mobile applications become more heavily distributed by peer-to-peer networks, the file infection rate grows exponentially. Thus as most of these applications are not mobile Linux-based there is less risk for malicious carry over at the handset level.
As every business must consider the potential risks of deploying mobile applications, mobile Linux lends itself as a safer Operating System alternative. Using mobile Linux doesn’t guarantee security exclusively, but it might give businesses greater creative flexibility in designing core applications that might otherwise leave them vulnerable in other exploited architectures. The issue remains that the introduction of mobile applications can create a permeable network level entry gateway through the handset level, which is something that all developers must contend with when creating enterprise applications.
If you are considering a mobile application for your business, remember that your mobile security should be your first consideration. How could a breach of your intended mobile app create risk and vulnerability to your organization? If you are considering a mobile app make sure you know what you are dealing with.
Your mobile security guru,
Eric Everson
Eric Everson, Founder – MyMobiSafe.com
Monday 5 May 2008, 3:27 PM
Poor Mobile Banking
Poor Mobile Banking
By: Eric Everson, Founder MyMobiSafe.com
In reading the news this morning an interesting article from Fox Business News titled Mobile Banking to Transform Microfinance caught my eye. In short, the article discusses the capacity of mobile banking to penetrate the shortcomings of financial institutions as a vehicle of the poor. This article if nothing else makes me think that if mobile banking offers so much potential in terms of driving the flexibility of a mobile lifestyle, then why isn’t more being done to secure mobile banking?
As I’ve declared in the past, mobile banking’s greatest security vulnerability resides at the handset level. This means that the lack of security that most mobile handsets have lends them to incredible risk as a financial instrument. Lending from this article, how much more does targeting the lowest income demographics compound the security vulnerabilities that reside in mobile banking? By this statement I merely intend to suggest that this demographic is less likely to use the higher-end handset spectrum (which boasts better security) while they are also less likely to seek a third-party software to bolster the security shortcomings of their handsets.
The article suggests, “A new report from the global microfinance body CGAP predicts that, with the right market conditions, mobile banking could reach large numbers of poor people who are outside the formal financial system.” I do not actually disagree with this, but the issue becomes defining what comprise “the right market conditions” to truly penetrate mobile banking to such a traditionally technology adoption laggard demographic.
As a mobile security professional (with a business degree), I see a much greater need to focus on the handset level mobile security vulnerabilities that threaten the macroeconomics of mobile banking as a whole. If the overall environment of mobile banking is threatened by the gaping holes of handset level security coupled with the grave lack of handset interoperability across the global wireless industry, how will mobile banking ever gain the traction needed to become a standard conduit to the financial industry?
Let’s face it, mobile banking is a newer technology that has some major areas of opportunity with regards to security. As security is only as strong as the weakest link, mobile banking faces serious hurdles at the handset level.
Your mobile security guru,
Eric E
Eric Everson, Founder - MyMobiSafe.com
Article in Reference: http://www.foxbusiness.com/story/mobile-banking-transform-microfinance/
Friday 25 April 2008, 3:58 AM
Mobile Banking: The Weakest Link
Mobile Banking: The Weakest Link
By Eric Everson, Founder MyMobiSafe.com
For many the prospect of conducting their banking by cell phone either strikes them as totally cool or totally crazy. I tend to put myself in the first camp as an embracer of mobile technologies, but admittedly I am not without my mobile security reservations.
As we all know in digital security, the weakest link is always the most vulnerable point of any topology. In mobile banking this weak link happens to be the very handset that we are expected to entrust with our financial transactions. The adoption of third party mobile security solutions is still very limited across the global spectrum of mobile users, thus the greatest level of threat that mobile banking faces has become the very platform of the transactions.
Let us assume that the mobile phone is the next great platform of the digital future and instantly the security that many take for granted on their cell phone becomes a significant bargaining chip for mobile application developers. It is no surprise that industry titans such as Google are jumping into mobile advertising as the industry demographics are so encouraging to their financial prospects. On the other hand, as mobile users are already beginning to experience mobile advertising on their once sacred mobile space one can not help but exercise concern regarding the origination of the content. Just as viruses are spread so commonly through email in a computer-based setting, the content now arriving on your mobile handset may not be as safe as you might hope.
With the popularity of mobile keyloggers, these applications can be easily embedded in a mobile message. Again touching on the limitations of handset level security that are so common throughout the mobile industry, we start connecting the dots of the handset as the weakest link of mobile banking. You get an unassuming mobile advertising (spam) message delivered to your handset and before you know it your seemingly safe mobile banking is compromised from the inside. Your every keystroke can be remotely monitored, thus passing access to your mobile banking into the wrong hands.
Do not get me wrong, I am not trying to deter anyone from adopting mobile banking as I personally think it is a blessing. If you use your handset the way I do, you should at least consider the value of the information you are putting into your handset… since after all it is still the weakest link. I look for many of the banks to start partnering with mobile security firms to address these mobile vulnerabilities head-on, but until then remember to be on the lookout for your own mobile security.
Your mobile security guru,
Eric E
Eric Everson, Founder
MyMobiSafe.com
Friday 11 April 2008, 8:02 PM
Government Alarms Going Mobile
Government Alarms Going Mobile
By Eric Everson, MyMobiSafe.com
The American government has announced their intentions to send nationwide alerts to cell phone users based on three types of events: child abduction, natural disasters, or a terrorist attack.
According to CNN Money, “A nationwide alert system will use cell phones or other mobile devices to send text messages to Americans when an emergency occurs, the Federal Communications Commission will announce Wednesday, according to an FCC representative.” While this is a long overdue move to utilize existing technology for the good of the nation, American’s must take the necessary measures to alter their text plans accordingly.
This development is being celebrated among many that have been pushing for the advancement of wireless notification in the case of missing children. All U.S. cell phone users can already get Amber Alert wireless notifications sent to their phones by visiting www.wirelessamberalerts.org.
The official announcement is expected by next week and marks a leap forward by the U.S. government to embrace wireless devices as a warning system. This progressive stride for wireless technologies speaks to the willingness of the American people to further embrace wireless innovations. As mobile devices continue to replace computer-based communications, this announcement gives further credence to continued wireless venture investment.
As the founder of MyMobiSafe.com, I am glad to see the government implementing this mobile notification system. As the wireless technologies from both a software and hardware perspective continue to develop, it is important that both the government and American citizens alike continue to adopt wireless technologies. With respect to the wireless data traffic that a single notice would generate to reach every American cell phone user, it is easy to see why investors are so eager to embrace the emerging wireless “Bubble II”. Data services have already become a major revenue gateway for service providers, which are only compounded by innovative developments that make wireless communications so wonderful.
Already many sites have launched exclusively formatted for wireless browsers. Sites like MobiShaker.com further add dimension to the flexibility that wireless technologies represent to the American public. This announcement may be simple at face value, but for wireless innovators these mobile alerts represent a substantial embrace of the technologies to come.
Your mobile security guru,
Eric Everson
Eric Everson, Mobile Security Expert
MyMobiSafe.com
Thursday 10 April 2008, 1:16 AM
The Mobile Industry’s Growing DoS Risk
The Mobile Industry’s Growing DoS Risk
By: Eric Everson, Founder MyMobiSafe
In the not so distant past, major labels such as Yahoo and Amazon have become targets of malicious Denial of Service (DoS) campaigns. DoS campaigns are designed to hit servers so hard with false traffic that the real traffic is denied service. Have wireless service providers created a vulnerability that puts them at greater risk for such attacks?
As a mobile security expert and founder of MyMobiSafe.com, the unwillingness of most wireless service providers to adopt handset level security solutions perplexes me. Perhaps it is that by partnering with mobile security providers they believe they are admitting to a veil of ignorance that they have been skirting for years. The problem however is that as handsets and technologies are becoming increasingly developed all the while hackers are ripping that artificial veil of ignorance off of the providers.
One may wonder why wireless providers are at greater risk today than they were before? To this I have a three letter response “GAN”. Generic Access Network (GAN) also known as Unlicensed Mobile Access (UMA) permits the seamless transition between diverse networks. With GAN/UMA when a handset detects a new network, it establishes a secure IP connection through a gateway to a server which creates an alternate base id and allows for differentiated connection protocols to work in tandem. With GMA/UMA becoming more widely
deployed, service providers are allowing subscribers to have direct access to mobile core networks over via IP. This makes it easier to spoof identities and use illegal accounts to launch
a variety of attacks such as… you guessed it, DoS attacks!
If top Internet companies like Yahoo are susceptible despite all of their advanced computer and server-based security measures, it’s easy to see how the top mobile service providers are carrying a much greater risk (especially considering the lack of attention to security the handset level). I look for wireless providers to begin warming up to third-party mobile security providers as the speed of technology is showing no signs of a slow down.
Your mobile security guru,
Eric E.
Eric Everson, Mobile Security Expert
Founder of MyMobiSafe.com
Previous
