Security issues affecting mobile users as they spend more time and money recovering from incidents SC Staff February 16 2009
Mobile users are experiencing more security issues than ever before and spending more time and money on recovering from incidents.
New research from McAfee in its Mobile Security Report 2009 has shown that security is proving a barrier to service innovation and the development of new business models. It claimed that half of all global manufacturers have reported mobile malware infections, voice and spam attacks, third party application problems or incidents that caused network capacity issues.
More than 40 per cent of manufacturers reported that they had experienced security threats across the complete range of the most common mobile security threats. Voice or text spam attacks have hit the greatest number of devices with incidents affecting 17 per cent of manufacturers last year.
There was also a considerable rise in the number of issues with third party applications and content, with prematurely released applications causing severe network capacity issues or crashing and locking devices altogether.
Three quarters of respondents agreed that carriers and manufacturers should carry the cost of security and only 12 per cent thought that users should be involved with handling security measures. Victor Kouznetsov, senior vice president of McAfee Mobile Security, said: “Attempts to make the mobile ecosystem more open have shown early signs of success yet attacks on mobile networks and devices continue to grow in both complexity and sophistication.
“This elevates concerns surrounding the security for both existing and emerging services. Hence it is encouraging to see that mobile manufacturers are looking to regain control of providing security functionality to safeguard their users.”
"The trusted module provides a secure place to store secrets (keys) in a place they can't be compromised," says Lark Allen, VP of Wave Systems. "It also measures things, like a software module on your device, and compares that against a hash stored in its secure registers to see if it's been changed. It can also measure the configuration of the phone: Has it been altered? Is there malicious code? Are there unauthorized installs?"
With the mobile standards, he continues, carrier network operators and enterprise risk managers can exercise better controls over their valuable mobile devices. For example, they can package only approved applications with the phones, check the integrity of the telephone applications, and encrypt data that needs encrypting.
Wave Systems, which makes document encryption and secure storage products based on the Trusted Platform, demonstrated at RSA in February with Juniper and Nortel a proof-of-concept integrity check application on the Trusted Computing Platform that could do just that. With it, they measured patch level, status of anti-virus, and other security policy compliance points on a PC. Such an application can quickly convert to smart phone management once the mobile platform module is completed and security vendors start building against those standards, he adds.
"With a standard building block like the Trusted Mobile Platform Module, you can now put it into lots of platforms with a common security infrastructure to support all kinds of smart, feature-rich devices," Allen says. "In a mobile environment, this is important because every network operator has phones from a variety of different vendors that it needs to support."
News 
Market Data 
Discover 
