Feature feature
Securing Mobile Phones Security of mobile phones though at an early stage will gain momentum and importance in the coming years to come obile phones is no more a luxury item, it has become a necessity. Look around and we see almost everyone carrying a mobile phone today. This allin-one device acts as our bill payment gateway, storing valuable information, checking emails and also serves as an interface with our banks. However, these benefits does not come easy. There is an increasing number of threats on mobile phones and therefore, securing the mobile device from hackers and unauthorised agents becomes a major concern. According to the McAfee Mobile Security Report 2009, there has been an unprecedented growth in the number of mobile security threats in the recent years. The research shows the increase in the number of virus / spyware infections, voice or text spam attacks, third party application / content problems, loss of user data from devices and phishing attacks over a period of three years from 2006 - 08. Among all the threats, voice and text has recorded the highest number of attacks. Connecting to the world wide web is one of major causes of such security threats on our mobile phones. Therefore, any phone which has
Kartik Shahani Regional Director, India and SAARC, McAfee
“In India there are a lot of mobile security solutions that are available, but no one is using them”
30 }
the capability of accessing the web and can download things from the Internet are at a higher risk of attracting viruses and other such security threats. What is under Threat?
One might ask – what is under threat? One obvious guess is the theft of mobile phones which can subsequently lead to access to our personal and confidential data and information. Therefore, physicals security of mobile phones becomes an area of high concern. People tend to store a lot of confidential data / information such as bank PIN numbers, credit card details which is a major area of concern. If the handset gets lost and the information is not encrypted, it will be easily available to someone without any effort. Data in a mobile phone also becomes vulnerable with unauthorised agents/ persons extracting confidential information through an external medium such as CD or USB memory stick and selling it to a third party. Someone can also create passwords entries and gain access to our encrypted files.
There are solutions for mobile encryption which will ensure that the confidential information in your mobile phones is not misused. In other words, encryption is all about limiting the access to a mobile device through passwords. Market is flooded with variety of mobile phones ranging from low end, affordable ones to the high end sophisticated ones. Speaking to egov, Kartik Shahani, Regional Director - India and SAARC, McAfee, said “The security features also differ from one phone to another. A smart phone or a Personal Digital Assistants (PDAs) will have different security threats attached with them, while GSM or CDMA phones will have different security features attached”. With the popularity of mobile phones among the masses and the number of value added services increasing day by day, the concerns over the security of mobile banking and payments becomes prime. Like the anti-virus softwares in our personal computers, protection of the mobile phones also becomes an area of concern. The McAfee report further www.egovonline.net
ov
Green IT Ad
ov
March 2009
31
says that “Today, service providers, banks, and PC manufacturers recommend the installation of personal protection products (often at no cost for the user.) But the situation is different in the mobile space. While mobile banking services are growing rapidly in developing countries, where other payment methods are rare, mobile devices continue to lack sufficient protection features”. Scenario in India
Anti-virus and other security features for mobile phones are available in the Indian market, but these are not popular among the people. There are a lot of reasons for the non-popularity of mobile security features in India. The most striking reason that one can count is the lack of awareness among the people. Moreover, there has not been any major mobile security issue that came up in India which can induce people to take mobile security on a serious note. Shahani further added that, “In India there are a lot of mobile security solutions that are available, but no one is using them. There are countries where mobile security is considered a must. On the other hand, there are countries like India, who are aware of such mobile security solutions, but are not bothered as of now to acknowledge the fact as there has not been any major outbreak that can induce them to use such security features”. Therefore, one can say that mobile security is at a very nascent stage in India. Talking about the current mobile security scenario in India, Rajiv Chaddha, Vice President, Sales, VeriSign said, “When we are talking about 10 - 20 percent penetration in terms of applications, we are just
talking about 8 - 10 million handsets. Yes it is right to say, that mobile security is at a nascent stage now, but appropriate steps has to be taken, before rolling out services to a much larger base”. Moreover, the current laws in India does not specifically talk about security angle in a detailed fashion. It only says – if one is caught sending spam mails, hacking emails or causing identity threats, one will be penalised. Transaction on Mobile phones
With the growing popularity of financial transactions over mobile phones in India, there is an increasing threat of financial losses, if security measures are not put in place at the right time. The above mentioned graph shows the areas of high concern in terms mobile security. It can be drawn from the figure that payments and banking are the major areas of concern. In the current scenario, mobile payments and mobile banking services are protected with only one level of security that is the user name and the password. “If someone is able to hack these two things there can be a lot of financial losses” says Shahani. With the growing popularity of mobile phones in India and the various value additions that is happening, one has to check the additional layers of authentication as well. Second factor authentication is a thing that a lot of people are talking about. Also, one has to see what are the kind of passwords
Do’s and Don’t to Secure your Mobile Phone
• Never connect your mobile phone through a unsecured wi-fi connection available in public places such as airports etc. • Don’t open every SMS / MMS as it may contain viruses, especially from unknown sources. • Never accept offers such as called tunes or dialer tunes from unknown sources. • Try and avoid using bluetooth in public places, as someone can access your confidential data / information. • Never open / download emails or attachments from unknown sources. • Be careful about the websites you are browsing. If it does not sound authentic, do not download anything from it.
32
that are available – is it a direct password or a randomly generated one. A silver lining in the clouds is that, RBI is putting a regulation in place by August 2009, stipulating that any online transaction of more than INR 5000 through a credit card will have to be authenticated with a password. On the other hand, a lot of manufacturers have plans for having an in-built security feature in the mobile phones. Chadha further said, “Operators in the current scenario is thinking about second hand authentication of transactions over the mobile phone”. The McAfee report also states that, “About 75 percent of the manufacturers prefer to include security technology as a preloaded and prepaid functionality or service on their devices, limiting user interaction and responsibility”. Looking Forward
Security of mobile phones though at an early stage will gain momentum and importance in the coming years to come. With the regular security features such as user name, passwords, encryption and second level of authentication, there is also a need for developing more sophisticated yet user friendly security features. Putting things in perspective, Shahani told, “Mobile viruses are maturing in the same life cycle as the personal computer viruses. PC viruses started off with cookies and other network viruses. Gradually, it became lethal with viruses attacking with the intention of financial gain. In the mobile world also it came along the same way”. It is high time for us in India to pull up our socks before it is too late and address the mobile security issue in a more detailed and comprehensive way. Nilakshi Barooah nilakshi@egovonline.net
www.egovonline.net
ov