There are various scare stories about Security on the internet in general and mobile in particular. This seems to provoke three reactions-
I am always struck by companies who have very strict rules on how their IT systems connect with the internet in the fixed world. When it comes to Mobile however they apply some or all of these rules and in the process throw out everything they have learned about security. Lets have a quick look at those points again.
Ignore it as hyperbole, the internet is so big no one will find me
This first one is easily addressed. If you have a look at Shodan www.shodan.io here is a product developed specifically to find M2M devices, unprotected, out there on the internet. Twenty minutes is all you need to start finding devices with surprisingly little protection as Mark Ward of the BBC found out in this article http://www.bbc.co.uk/news/technology-22524274 . Hiding in the herd is no longer an option
The data itself doesn’t contain anything useful so I don’t have to worry
This is a statement that we come across repeatedly. That the data itself has no value so why would somebody bother? This misses a couple points:
the rise of bots- these are automated programmes usually on unknowing hosts that hammer away at systems with poor security on the principle that something interesting may turn up. You will be hacked to see if you’re worth hacking rather than hacked because you have something of value they are after.
On mobile you pay for all the data going up and down. So even if your device is secure, or the data that it is carrying is eventually viewed as having no commercial value you will be in the relatively unique position of paying for your own attack.
I will never put any data on mobile or internet as none of it can be trusted
This simple solution means turning your back on the rise of Machine to Machine (M2M), of the Internet of Things (IoT) and perhaps the most important disruptor of all Smart Phones and their apps. It is also an overreaction. Data can be sent securely over the internet and mobile, often more cheaply, certainly more scalable, than the insecure methods chosen now. Over the next couple of weeks I will try and address how- at a SIM level, at a network level and also how you access that system.
If you are interested in making Mobile more reliable, fit for industry, deliverying the data you need please have a look around the other blogs or contact us a firstname.lastname@example.org
Written by Douglas Gilmour