Smartphones Change the Threat Level Significantly

Security Expert Talks Mobile Security Concerns

Get the WebProNews Newsletter:

[ Business]

Mobile devices these days are often smaller, thinner, and lighter, but are able to deliver a plethora of content. WebProNews spoke with Gal Salomon, CEO and Founder of security firm Discretix, about embedded security and security concerns that come along with an industry of smarter phones.

WebProNews: Please tell us a little bit about what mobile embedded security is.

Gal Salomon: The purpose of embedded security is to establish a trusted core within the device so that services providers and device manufacturers can deploy services while guaranteeing the proper operation of the device. Embedded security for a mobile device is comprised on a number of different components, integrated into the main processor sub-system, operating system and application layer of the device.

1. Applications Layer: Applications such as DRM and SIM Lock as well as security system features such as secure boot and secure debug.

2. OS Layer:  encrypted storage, secure key and certificate management and cryptographic services.

3. Hardware Layer: Secure execution environment, cryptographic accelerators, unique device key and a random number generator.

Embedded security solutions are typically delivered as a combination of semiconductor IP and software.

WPN: What kinds of threats are out there for users of mobile devices?

Gal Salomon GS: The threats can be divided into 2 main categories:

1. Data – These attacks target information or content stored on device and can range from “ripping” protected content to corporate or private information being accessed by unauthorized personnel. Examples include smartphones that store sensitive corporate information being lost or stolen, or personal data such as PIN codes and addresses being extracted from the device, without the owners’ knowledge or consent.

2. System – These attacks target the inner workings of device and can range from malware to device cloning. Examples include a 3rd party application purchased from an app store that contains spyware to monitor the device and the content stored on it, or a sophisticated attempt by a professional hacker to clone a device. 

WPN: What are some ways mobile security issues are impacting marketers looking to go mobile?

GS: Security is [a] key consideration for any application developer looking to go mobile. Vendors like Paypal, RIM and Apple all deploy a wide range of security mechanisms to ensure that their applications are trusted. Moreover mobile security is a moving target, with hackers constantly testing the strength of the underlying security and developers constantly plugging gaps and improving the overall level of robustness of their security solutions.

WPN: How are mobile eCommerce sites affected?

GS: In order for ecommerce sites to capitalize on mobile commerce, they will have to integrate [a] additional security mechanism for mobile commerce. 

WPN: What kind of trends do you expect to see this year in mobile security? Any new trends or changes in 2010?

GS: 2009 is undoubtedly the year of the smartphone with Apple, Nokia, RIM, Google, Palm and Microsoft all delivering amazing products. Smartphones change the threat level significantly, and will boost the awareness and deployment of mobile security solutions. Smartphone are based on an open (and as such insecure) operating system vulnerable to malware, viruses and spyware. Moreover smartphones are design to deliver a wide range of applications (commerce, mobile TV, enterprise apps and music) each with its own set of security threats and requirements.

We’d like to thank Mr. Salomon for sharing his insight into mobile security with WebProNews readers.

Smartphones Change the Threat Level Significantly
Top Rated White Papers and Resources
  • Guest

    Just one note on “Smartphone are based on an open (and as such insecure) operating system”: history shows just the opposite: the os and softwares that are more under attack are the close ones, not the open ones. And in the few cases of virus for open os, a patch was found on no time thanks to the cooperation of all the programmers around the world. Linux docet, try to realize that.

    • Guest

      I totally agree with you!

  • http://uimagicinc.com/blog/ Cleeuim

    Smartphone security is becoming more of a hot topic these days, especially after the Black Hat Briefings demos. Sure, most companies said that they had offered a patch or had fixed certain vulnerabilities, but these are all fixes after-the-fact. Is there any good way to be secure before there is even a risk?

    We’ve been discussing this topic on our blog: http://uimagicinc.com/blog/ Please check us out and leave a comment!

  • Blue Nio

    There’s a new solution that we’re bringing out soon which would help prevent this by just not loosing the phone in the first place. It basically means that people won’t have access directly to your phone so they can’t get any of the information (as long as your phone is securely setup)

    Check out www.bluenio.co.uk for more info and watch out for the launch on 08/09/09.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom