Official Mobile Security & Innovative Technologies Blog
This blog is managed/edited by Eric Everson. The purpose of this blog is to discuss common threats and solutions that exist within the mobile community in addition to the intricacies of innovative technologies and the markets therein.
Thank you for taking the time to review my blog; I am Eric Everson the founder of MyMobiSafe.com. In addition to my duties at MyMobiSafe, LLC I am also a full-time graduate student and mobile industry researcher. As a mobile security expert and innovative technologies leader, I am glad to answer any questions you may have: EricEverson@Hotmail.com
Sunday 23 March 2008, 3:20 PM
MySpace Mobile: The Beginning of Cell Phone Social Networking
MySpace Mobile: The Beginning of Cell Phone Social Networking
Eric Everson, MyMobiSafe.com
In a recent announcement MySpace.com has officially released MySpace Mobile in partnership with Sprint. Could this mark the beginning of “mobinetting” the mobile hybrid of social networking to come?
As many analysts confer, social networking like many other things is migrating into the mobile environment (mobile banking, mobile gaming, mobile gambling, etc). It seems that all things computer-based are finding a new foothold in the emerging mobile entertainment/lifestyle industry. The recent debut of MySpace Mobile is yet another indicator of where things are headed.
It is hard to deny the compelling evidence that mobile usage could replace computer usage in the future. As internet browsers have become a functional reality the computing power of the standard mobile handset has increased considerably too. Many handsets have become minicomputers that make mobile daily commerce a reality. The debut of MySpace Mobile confirms the move by Facebook Mobile to take this step into the future. Mobile entertainment is undeniably becoming a major industry.
Sites like MobiShaker.com, the first mobile mixed drink recipe site have emerged exclusively formatted for mobile browsers. While most of these mobile entertainment sites can be viewed via computer-based browsers, they utilize the simplicity of LCD (Lowest Common Denominator) Development to gain the greatest browser compatibility. As more sites come online specifically designed to accommodate cell phones, the future of mobinetting is being defined. With these new definitions naturally come unique mobile security issues that we must all embrace.
Just as social networking had its hurdles to overcome the emerging mobinetting (social networking meets mobile) user security remains a chief concern. With the limitations of factory mobile security settings, additional issues of handset security also emerge. As we exchange increased content by mobile, each of our “trusted” contacts represents potential security concerns. The very nature of mobile threats revolves around the ability to spread through matched mobile operating system compatibility. As the industry evolves we must be careful when creating mobinetting platforms to inhibit the spread of mobile malware rather than create vehicles of facilitation. In other words, security must remain a top priority in mobinetting.
I am not suggesting any security issues with the MySpace Mobile platform as it is primarily based around receiving alert messages when one receives friend requests, new messages, image comments, and event invites. This doesn’t create any security threat, rather it has established a foundation for the future of mobinetting.
Keeping you ahead of mobile security…
Eric Everson – “The Mobile Security Guru”
Eric Everson, MyMobiSafe.com
In a recent announcement MySpace.com has officially released MySpace Mobile in partnership with Sprint. Could this mark the beginning of “mobinetting” the mobile hybrid of social networking to come?
As many analysts confer, social networking like many other things is migrating into the mobile environment (mobile banking, mobile gaming, mobile gambling, etc). It seems that all things computer-based are finding a new foothold in the emerging mobile entertainment/lifestyle industry. The recent debut of MySpace Mobile is yet another indicator of where things are headed.
It is hard to deny the compelling evidence that mobile usage could replace computer usage in the future. As internet browsers have become a functional reality the computing power of the standard mobile handset has increased considerably too. Many handsets have become minicomputers that make mobile daily commerce a reality. The debut of MySpace Mobile confirms the move by Facebook Mobile to take this step into the future. Mobile entertainment is undeniably becoming a major industry.
Sites like MobiShaker.com, the first mobile mixed drink recipe site have emerged exclusively formatted for mobile browsers. While most of these mobile entertainment sites can be viewed via computer-based browsers, they utilize the simplicity of LCD (Lowest Common Denominator) Development to gain the greatest browser compatibility. As more sites come online specifically designed to accommodate cell phones, the future of mobinetting is being defined. With these new definitions naturally come unique mobile security issues that we must all embrace.
Just as social networking had its hurdles to overcome the emerging mobinetting (social networking meets mobile) user security remains a chief concern. With the limitations of factory mobile security settings, additional issues of handset security also emerge. As we exchange increased content by mobile, each of our “trusted” contacts represents potential security concerns. The very nature of mobile threats revolves around the ability to spread through matched mobile operating system compatibility. As the industry evolves we must be careful when creating mobinetting platforms to inhibit the spread of mobile malware rather than create vehicles of facilitation. In other words, security must remain a top priority in mobinetting.
I am not suggesting any security issues with the MySpace Mobile platform as it is primarily based around receiving alert messages when one receives friend requests, new messages, image comments, and event invites. This doesn’t create any security threat, rather it has established a foundation for the future of mobinetting.
Keeping you ahead of mobile security…
Eric Everson – “The Mobile Security Guru”
Monday 17 March 2008, 5:25 PM
The First iPhone Mobile Torrent
The First iPhone Mobile Torrent Arrives
By: Eric Everson, MyMobiSafe.com
2008 has been dog-eared as the “Year of the Mobile Torrent” so it stands to be expected that the first iPhone torrent has arrived as predicted. For those not yet familiar with mobile torrent technology, the concept of file sharing from one system to others is borrowed from computer-based file sharing applications into the mobile setting.
While that may sound like a natural technology progression, the greatest barriers mobile torrents face is the lack of operating system interoperability that exists in the wireless industry. Where computers are dominated by the Window’s OS, file sharing torrents developed more naturally to create an application that decompiles data on one end to be shared and recompiled at the other end. As demonstrated in computers, this works much better where there is a single OS involved. The wireless industry unlike the computer industry has grown through many proprietary (and now some open source) operating systems. Due to this lack of interoperability created by a myriad of incompatible mobile OS constraints, developing mobile torrent platforms is restricted to a single OS… enter the iPhone based mobile torrent.
Anyone that enjoys “legal” file sharing on their computer, has anticipated the arrival of a comparable technology for their iPhone. This has been the driving force behind one developer’s quest to get the iPhone peer-to-peer (p2p) ready. As reported by Gizmodo.com, “Core, an iPhone Hacker with mad hacking skills, has managed to port to the iPhone a functioning P2P client based on Transmission, which is a popular torrent app for Macs. This is the first time P2P torrent software has run natively on the iPhone…” Essentially this developer has created a platform for what may become the first p2p advance in iPhone mobile torrents.
So if this development conjures up visions of having your favorite share files available in your pocket, don’t get too exited quite yet. The development is not quite packaged for the average user yet. While available online, the current application is a command line client and does not have a user interface so far. Additionally, concerns have been raised about the application completely draining the iPhone battery during file downloads. Due to handset system limitations mobile torrents are notorious for exhausting extensive handset resources which causes the battery to drain very fast. Additionally, due to a small technical user base, this iPhone torrent development still has extremely limited shared content. For many these early issues may make the new iPhone torrent feel more like battery draining malware than like an enjoyable mobile torrent platform. Mobile torrents still have a long way to go until the keys to the mass market ready Universal Mobile Torrent applications are completely uncovered.
As mobile torrents continue to grow in popularity, one must applaud the efforts of “Core” to keep the vision alive. In reviewing this application, Core has provided an awesome platform that is sure to carry iPhone mobile torrent forward. If you have the technical savvy to use the command line client setup of this application, it is definitely worthy of your time… just keep your iPhone plugged in!
Your mobile security expert – Eric Everson, MyMobiSafe.com
For more iPhone Torrent Info visit:
http://gizmodo.com/362823/iphones-first-native-p2p-torrent-app-is-up-and-running
http://www.tuaw.com/2008/03/02/iphone-gets-native-p2p-torrent-software/
http://mashable.com/2008/03/07/tools-torrents-mobile-phones/
By: Eric Everson, MyMobiSafe.com
2008 has been dog-eared as the “Year of the Mobile Torrent” so it stands to be expected that the first iPhone torrent has arrived as predicted. For those not yet familiar with mobile torrent technology, the concept of file sharing from one system to others is borrowed from computer-based file sharing applications into the mobile setting.
While that may sound like a natural technology progression, the greatest barriers mobile torrents face is the lack of operating system interoperability that exists in the wireless industry. Where computers are dominated by the Window’s OS, file sharing torrents developed more naturally to create an application that decompiles data on one end to be shared and recompiled at the other end. As demonstrated in computers, this works much better where there is a single OS involved. The wireless industry unlike the computer industry has grown through many proprietary (and now some open source) operating systems. Due to this lack of interoperability created by a myriad of incompatible mobile OS constraints, developing mobile torrent platforms is restricted to a single OS… enter the iPhone based mobile torrent.
Anyone that enjoys “legal” file sharing on their computer, has anticipated the arrival of a comparable technology for their iPhone. This has been the driving force behind one developer’s quest to get the iPhone peer-to-peer (p2p) ready. As reported by Gizmodo.com, “Core, an iPhone Hacker with mad hacking skills, has managed to port to the iPhone a functioning P2P client based on Transmission, which is a popular torrent app for Macs. This is the first time P2P torrent software has run natively on the iPhone…” Essentially this developer has created a platform for what may become the first p2p advance in iPhone mobile torrents.
So if this development conjures up visions of having your favorite share files available in your pocket, don’t get too exited quite yet. The development is not quite packaged for the average user yet. While available online, the current application is a command line client and does not have a user interface so far. Additionally, concerns have been raised about the application completely draining the iPhone battery during file downloads. Due to handset system limitations mobile torrents are notorious for exhausting extensive handset resources which causes the battery to drain very fast. Additionally, due to a small technical user base, this iPhone torrent development still has extremely limited shared content. For many these early issues may make the new iPhone torrent feel more like battery draining malware than like an enjoyable mobile torrent platform. Mobile torrents still have a long way to go until the keys to the mass market ready Universal Mobile Torrent applications are completely uncovered.
As mobile torrents continue to grow in popularity, one must applaud the efforts of “Core” to keep the vision alive. In reviewing this application, Core has provided an awesome platform that is sure to carry iPhone mobile torrent forward. If you have the technical savvy to use the command line client setup of this application, it is definitely worthy of your time… just keep your iPhone plugged in!
Your mobile security expert – Eric Everson, MyMobiSafe.com
For more iPhone Torrent Info visit:
http://gizmodo.com/362823/iphones-first-native-p2p-torrent-app-is-up-and-running
http://www.tuaw.com/2008/03/02/iphone-gets-native-p2p-torrent-software/
http://mashable.com/2008/03/07/tools-torrents-mobile-phones/
Tuesday 11 March 2008, 2:45 AM
Tough Enough: Sybase Breakthrough Handheld Security?
Tough Enough: Sybase Breakthrough Handheld Security?
By: Eric Everson, Founder of MyMobiSafe.com
This month many may have noticed that Sybase iAnywhere has released their latest “next gen” handset security solution. For many enterprise users the greatest claim this software boasts is message encryption.
As the founder of MyMobiSafe.com, any “breakthrough” (as described in the Sybase press release) warrants my special attention. In learning about the new Sybase product, I must contend that for typical enterprise message encryption this is likely a great tool. Those familiar with the flagship “Afaria” solution are sure to derive added value from the advanced message encryption offered in this new suite.
As mobile data encryption is a specialization of mine, the greatest shortcoming I noticed was the flimsy 128-bit encryption that the program utilizes. The idea of encryption is to create a barrier that can not be penetrated, however as we know “cracking” software is abundant. There are many cracking applications that can drive through standard 128-bit in about 60 seconds or less (i.e. kisMac).
This essentially suggests that if one was targeting the handset level, the right hybrid cracker could be deployed to “breakthrough” this Sybase Breakthrough Handheld Security solution. As a leading mobile encryption expert, I might recommend the adoption of a 256-bit standard to the Sybase development team. With a 256-bit standard there are fewer tools which translates into less barrier penetration. I am not trying to discredit the new Sybase suite as I think it adds a layer of protection that is much needed throughout enterprise messaging. On the other hand, it seems like bad word choice to use the words “Breakthrough” and “Security” in the title of a press release for a technology hinged on 128-bit encryption.
What do I know… I’m just the resident “Mobile Security Guru”. : )
Cheers,
Eric Everson, Founder MyMobiSafe.com
In ref to:
http://www.mobileburn.com/pressrelease.jsp?Id=4260
By: Eric Everson, Founder of MyMobiSafe.com
This month many may have noticed that Sybase iAnywhere has released their latest “next gen” handset security solution. For many enterprise users the greatest claim this software boasts is message encryption.
As the founder of MyMobiSafe.com, any “breakthrough” (as described in the Sybase press release) warrants my special attention. In learning about the new Sybase product, I must contend that for typical enterprise message encryption this is likely a great tool. Those familiar with the flagship “Afaria” solution are sure to derive added value from the advanced message encryption offered in this new suite.
As mobile data encryption is a specialization of mine, the greatest shortcoming I noticed was the flimsy 128-bit encryption that the program utilizes. The idea of encryption is to create a barrier that can not be penetrated, however as we know “cracking” software is abundant. There are many cracking applications that can drive through standard 128-bit in about 60 seconds or less (i.e. kisMac).
This essentially suggests that if one was targeting the handset level, the right hybrid cracker could be deployed to “breakthrough” this Sybase Breakthrough Handheld Security solution. As a leading mobile encryption expert, I might recommend the adoption of a 256-bit standard to the Sybase development team. With a 256-bit standard there are fewer tools which translates into less barrier penetration. I am not trying to discredit the new Sybase suite as I think it adds a layer of protection that is much needed throughout enterprise messaging. On the other hand, it seems like bad word choice to use the words “Breakthrough” and “Security” in the title of a press release for a technology hinged on 128-bit encryption.
What do I know… I’m just the resident “Mobile Security Guru”. : )
Cheers,
Eric Everson, Founder MyMobiSafe.com
In ref to:
http://www.mobileburn.com/pressrelease.jsp?Id=4260
Monday 10 March 2008, 2:15 PM
The MobiTV Debacle: A Mobile Security Issue?
The MobiTV Debacle: A Mobile Security Issue?
By: Eric Everson, Founder of MyMobiSafe.com
Making waves throughout the Internet for surfers alike, MobiTV has created quite a stir lately with what seems to come down to a simple security issue. Usually as the founder of MyMobiSafe.com, I review issues that relate to handset security yet this one comes down to securing website content.
As is goes HowardForums.com was slapped with a cease and desist order by MobiTV due to a link that seemingly “back-doored” the MobiTV content. In reality, this entire debacle comes down to the MobiTV content not being secure from its own website. As Michael Krigsman put it, “Rather than rely on true security, MobiTV placed valuable content behind an open, yet unadvertised, web address.”
MobiTV has since suffered the backlash of their decision to issue a cease and desist order, which for many surfers positioned the company as trying to “censor the Internet”. With hindsight being 20/20, MobiTV probably should have simply secured the content rather than taking legal action. As a mobile entrepreneur myself, I can see their logic however it seems that the emerging media company may have jumped the gun. As every online business must contend with the open nature of the Internet, it is important to think smarter.
This debacle merely highlights the way that e-commerce has challenged the traditional principles of business law. We operate in a 2.0 environment where the challenges of intellectual property law are subject to become outpaced. As technology becomes more sophisticated, so must the approach of business and legal minds alike. As this MobiTV issue highlights, a tactic of backend software engineering could have been a far superior avenue of resolution in this matter. It seems to me that the challenges that technology lawyers face is using brains over brawn. A good technology lawyer might have suggested securing the content rather than enabling this storm of fire that MobiTV has endured.
I don’t want to point my finger at their legal team or even at MobiTV (I happen to love their content and believe it is worth paying for), rather I merely cast my voice of concern for the next company that finds themselves in a similar predicament. If you keep your doors unlocked, you can’t get upset when people come in. While technology law may be due for a 2.0 makeover, in the end it comes down to understanding the intricacies of the Internet as a vehicle for commerce. Old school tactics can only backfire in this new school environment.
In the end, there is no mobile security issue here just a couple of bad decisions that have created waves for the web surfing community. I am confident that everyone has learned some valuable lessons in this debacle. In a mobile environment seemingly starved for good content, I say let bygones be just that and continue to enjoy your mobile technology.
Your Mobile Security Guru – Eric Everson
Eric Everson, Founder of MyMobiSafe.com
By: Eric Everson, Founder of MyMobiSafe.com
Making waves throughout the Internet for surfers alike, MobiTV has created quite a stir lately with what seems to come down to a simple security issue. Usually as the founder of MyMobiSafe.com, I review issues that relate to handset security yet this one comes down to securing website content.
As is goes HowardForums.com was slapped with a cease and desist order by MobiTV due to a link that seemingly “back-doored” the MobiTV content. In reality, this entire debacle comes down to the MobiTV content not being secure from its own website. As Michael Krigsman put it, “Rather than rely on true security, MobiTV placed valuable content behind an open, yet unadvertised, web address.”
MobiTV has since suffered the backlash of their decision to issue a cease and desist order, which for many surfers positioned the company as trying to “censor the Internet”. With hindsight being 20/20, MobiTV probably should have simply secured the content rather than taking legal action. As a mobile entrepreneur myself, I can see their logic however it seems that the emerging media company may have jumped the gun. As every online business must contend with the open nature of the Internet, it is important to think smarter.
This debacle merely highlights the way that e-commerce has challenged the traditional principles of business law. We operate in a 2.0 environment where the challenges of intellectual property law are subject to become outpaced. As technology becomes more sophisticated, so must the approach of business and legal minds alike. As this MobiTV issue highlights, a tactic of backend software engineering could have been a far superior avenue of resolution in this matter. It seems to me that the challenges that technology lawyers face is using brains over brawn. A good technology lawyer might have suggested securing the content rather than enabling this storm of fire that MobiTV has endured.
I don’t want to point my finger at their legal team or even at MobiTV (I happen to love their content and believe it is worth paying for), rather I merely cast my voice of concern for the next company that finds themselves in a similar predicament. If you keep your doors unlocked, you can’t get upset when people come in. While technology law may be due for a 2.0 makeover, in the end it comes down to understanding the intricacies of the Internet as a vehicle for commerce. Old school tactics can only backfire in this new school environment.
In the end, there is no mobile security issue here just a couple of bad decisions that have created waves for the web surfing community. I am confident that everyone has learned some valuable lessons in this debacle. In a mobile environment seemingly starved for good content, I say let bygones be just that and continue to enjoy your mobile technology.
Your Mobile Security Guru – Eric Everson
Eric Everson, Founder of MyMobiSafe.com
Saturday 8 March 2008, 4:34 PM
iPhone Goes Third-Party: Security Over Functionality?
iPhone Goes Third-Party: Security Over Functionality?
By: Eric Everson, Founder MyMobiSafe.com
It’s been a few days since the iPhone SDK release, so as the notorious “Mobile Security Guru Guy” I wouldn’t be doing my part if not sharing my initial impressions. As many third-party developers have been speculating “what if” scenarios for months, much of that chatter has been put to rest.
As a mobile application developer, I had to at least sit down with the iPhone SDK to take a tour for myself. Interestingly among the first things I noticed was that the iPhone SDK requires the use of iPhone proprietary API’s. For developers, this means that dreams of hybrid applications in pursuit of iPhone compatibility are basically out. Additionally this takes us to the next road block of the built-in “brick wall data sharing” limitations.
Essentially my concept of the “brick wall” as it relates to the iPhone SDK prevents third-party applications from writing data to any other program of the iPhone. For developers this is where the “brick wall” becomes a hurdle as cross-referencing and application mods are stifled. For iPhone users on the other hand, this is great news for handset level security. This “brick wall” characteristic of the iPhone SDK is designed to prevent the executable features of mobile malware. This means that as iPhone users run third-party content, they don’t have to fear masked-malware.
The greatest limitation that I see in the SDK piggyback Michael Arrington’s issues about background applications. Essentially the iPhone SDK prevents third-party apps from running in the background. As Arrington pointed out, this creates significant issues for traditional background applications such as instant messaging applications. When an iPhone user switches tasks (i.e. when answering a call) the application shows logged out. Naturally this is a major obstacle for potential business applications.
With mobile security at the forefront, the iPhone remains among the most secure handsets. Even with an SDK that encourages third-party development, the security seemingly outweighs functionality.
Cheers,
Eric Everson “The Mobile Security Guru” : )
Founder, MyMobiSafe.com
By: Eric Everson, Founder MyMobiSafe.com
It’s been a few days since the iPhone SDK release, so as the notorious “Mobile Security Guru Guy” I wouldn’t be doing my part if not sharing my initial impressions. As many third-party developers have been speculating “what if” scenarios for months, much of that chatter has been put to rest.
As a mobile application developer, I had to at least sit down with the iPhone SDK to take a tour for myself. Interestingly among the first things I noticed was that the iPhone SDK requires the use of iPhone proprietary API’s. For developers, this means that dreams of hybrid applications in pursuit of iPhone compatibility are basically out. Additionally this takes us to the next road block of the built-in “brick wall data sharing” limitations.
Essentially my concept of the “brick wall” as it relates to the iPhone SDK prevents third-party applications from writing data to any other program of the iPhone. For developers this is where the “brick wall” becomes a hurdle as cross-referencing and application mods are stifled. For iPhone users on the other hand, this is great news for handset level security. This “brick wall” characteristic of the iPhone SDK is designed to prevent the executable features of mobile malware. This means that as iPhone users run third-party content, they don’t have to fear masked-malware.
The greatest limitation that I see in the SDK piggyback Michael Arrington’s issues about background applications. Essentially the iPhone SDK prevents third-party apps from running in the background. As Arrington pointed out, this creates significant issues for traditional background applications such as instant messaging applications. When an iPhone user switches tasks (i.e. when answering a call) the application shows logged out. Naturally this is a major obstacle for potential business applications.
With mobile security at the forefront, the iPhone remains among the most secure handsets. Even with an SDK that encourages third-party development, the security seemingly outweighs functionality.
Cheers,
Eric Everson “The Mobile Security Guru” : )
Founder, MyMobiSafe.com
