The biggest challenges in mobile security
In the past 20 years, we have seen a boom in mobile adoption and the arrival of the Internet of Things, but recently these advancements have been overshadowed by cybersecurity attacks which have targeted celebrities, the NHS and even the CIA. As a result, concerns for our online and mobile security have skyrocketed for both B2B and B2C customers.
These hackers’ skills are forever evolving, and staying one step ahead is becoming increasingly difficult, with providers embarking on a never-ending search for ways to stop these attacks. So, what are the current challenges facing the world of mobile security and how can telecoms and Mobile Service Providers (MSPs) overcome them?
The Internet of Things and DDoS Attacks
The biggest threat to mobile security, now and for the foreseeable future, is the Internet of Things (IoT). With forecasts saying that by 2020 there will be as many as 21 billion connected devices used by businesses and individuals around the world, the potential threat is huge.
These connected devices, which are used in everything from manufacturing to healthcare, give attackers more opportunity to deploy their increasingly "aggressive" and "confrontational" tactics, according to a joint report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). We have already witnessed a significant rise in mobile ransomware attacks as a result of IoT in 2016, with hackers deploying large-scale attacks on poorly secured networks and end-points.
These attacks have most commonly been carried out as Distributed Denial of Service (DDoS) attacks. This is when a network of infected computers, known as a botnet, coordinates a bombardment of traffic against a server until it simply collapses under the strain. Last year witnessed one of the biggest DDoS attacks so far, when Dyn, an American company which controls the majority of the internet’s domain name system infrastructure, was hit by the Mirai botnet. This one botnet succeeded in bringing down sites including Twitter, the Guardian, Netflix and CNN.
Typically, botnets are made up of computers, but Mirai broke the mould and used the Internet of Things, hijacking devices such as digital cameras and DVD players. This form of attack gave the malware an estimated 100,000 malicious endpoints. The weakness of the IoT devices allowed the hackers to access sensitive information and infect further networks -- a trend that is only going to increase in the future.
The best way to combat this type of malware is through increased governance and regulation of IoT, which is expected to be enforced soon given the wave of high-profile DDoS attacks. In the meantime, end-to-end encryption for both networks and devices will help in staving off the attackers.
Given the wide range of devices a DDoS attack can use maliciously, telecoms and MSPs will need to ensure that both the hardware and networks are secured. One way of ensuring devices are secured to the required level is through scalable encryption, which raises or lowers the level of Advanced Encryption Standard (AES) encryption based on the user’s IP address, as found on the Genio phone.
Bring your own devices and malicious apps
Employees today have different preferences on brands and operating systems for their work phones and computers. As such, businesses are faced with having to keep track of hundreds of devices which are increasingly being used for both business and pleasure. Ensuring these devices are protected is an expensive undertaking and has become a headache for IT teams.
More and more mobile botnets, such as Pegasus, are targeting phones because of the sensitive data they contain, such as confidential emails, texts and images. The Pegasus attack allowed an adversary to jailbreak an iOS device and spy on its victims, collecting information from voice communications, camera, email, messaging, GPS, passwords and contact lists, relying on our dependence on phones to gain this sensitive information.
There has also been a noticeable rise in malicious applications disguising themselves as real apps, which has become a serious problem for businesses looking to protect their employees’ devices. In 2016 alone, there were cases in which mobile malware was disguised in apps including Facebook and Dropbox. These "pretender apps" give hackers access to information such as credit card and banking details, and some more advanced ones can use it to gain access to other information on the victim’s phone.
MSPs and telecoms have already rolled out strategies to address this and safeguard mobile operating systems from malicious attacks. Such strategies include sandboxing, which ensures that applications can only operate in a controlled environment and are restricted in access to other areas of the device.
To achieve true security, however, telecoms and MSPs will need to roll out the latest encryption solutions. Services such as the iOME IP-based telecom solution offer end-to-end encryption across the entirety of mobile networks, which is a step in the right direction. What’s needed next is for the industry to come together to create and develop regulations that will both protect consumer data and ensure the industry as a whole can mitigate the risk of malicious attacks on mobile devices and wider telecom networks.
With all this said, however, it is important to remember that the current landscape of mobile security is evolving at an unprecedented rate. Even the first half of 2017 witnessed significant changes in how mobile security looks and feels, showing how advances are being made every day to deter hackers and keep our information protected.
Isaac Daniel, founder and CEO of Macate Group Limited and Isaac Daniel Group.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.