How secure is mobile?

There are various scare stories about Security on the internet in general and mobile in particular. This seems to provoke three reactions-

  • Ignore it as hyperbole, the internet is so big no one will find me
  • The data itself doesn’t contain anything useful so I don’t have to worry
  • I will never put any data on mobile or internet as none of it can be trusted
  • I am always struck by companies who have very strict rules on how their IT systems connect with the internet in the fixed world. When it comes to Mobile however, they apply some or all of these rules and in the process throw out everything they have learned about security. Let’s have a quick look at those points again.

    Ignore it as hyperbole, the internet is so big no one will find me

    This first one is easily addressed. If you have a look at Shodan here is a product developed specifically to find M2M devices, unprotected, out there on the internet. Twenty minutes is all you need to start finding devices with surprisingly little protection as Mark Ward of the BBC found out in this article http://www.bbc.co.uk/news/technology-22524274 . Hiding in the herd is no longer an option.

    The data itself doesn’t contain anything useful so I don’t have to worry

    This is a statement that we come across repeatedly. That the data itself has no value so why would somebody bother? This misses a couple points:

    the rise of bots- these are automated programmes usually on unknowing hosts that hammer away at systems with poor security on the principle that something interesting may turn up. You will be hacked to see if you’re worth hacking rather than hacked because you have something of value they are after.

    On mobile you pay for all the data going up and down. So even if your device is secure, or the data that it is carrying is eventually viewed as having no commercial value you will be in the relatively unique position of paying for your own attack.

    I will never put any data on mobile or internet as none of it can be trusted

    This simple solution means turning your back on the rise of Machine to Machine (M2M), of the Internet of Things (IoT) and perhaps the most important disruptor of all Smart Phones and their apps. It is also an overreaction. Data can be sent securely over the internet and mobile, often more cheaply, certainly more scalable, than the insecure methods chosen now. Over the next couple of weeks I will try and address how- at a SIM level, at a network level and also how you access that system.

    If you are interested in making Mobile more reliable, fit for industry, delivering the data you need please have a look around the other blogs or contact us at [email protected] or call us on +44 1530 511 180

    Written by

    Douglas Gilmour

    Douglas formed Mobius in 2003 after twenty years’ experience in the Semiconductor industry. He was driven by the idea that airtime could be better and more secure.