Talking About Security at Mobile World Congress
We’re delighted to let you know that our very own Will Chow (our founder and CTO) will be speaking at Mobile World Congress in Barcelona on Feb. 24. Will will be part of a panel discussion on mobile security in its myriad facets. If you plan on attending MWC, we hope you’ll make time to attend.
Wednesday, February 24th
11:00 – 12:00
Hall 4, Auditorium 4
Add to Calendar
If you’d like a preview of what Will will be discussing, you can watch this video, or read the post below. Thanks!
Mobile Security Is Broken
We are at an inflection point in how users view mobile security. The Firesheep, Stagefright and Instapaper hacks are just the latest wake-up calls. Unfortunately, the Android update process remains too slow to be of any help, so users need tools to protect themselves. It’s time for real security solutions on the mobile device – ones that actually block malware and prevent snooping in real time.
In the PC era, the number of ways that hackers could steal your data was relatively limited. But with today’s mobile devices and their abundance of radios (cellular, Wi-Fi, Bluetooth), the ways hackers get to your device and data has multiplied. The “attack surface” of smartphones is much bigger than that of PCs. And with smartphones far outnumbering PCs, there are many more potential victims. This, of course, is luring more hackers to target smartphones.
Most users think downloading a bad app is the main security risk (if they even think about security at all), so the Stagefright hack is an eye opener. This video shows just how easy it is for someone to hack your phone without ever touching it or getting you to download a malicious app. All they have to do is send you an MMS message. And Android can’t stop it.
The Growing Attack Surface of Mobile
Why is this happening? Since the first iPhone, we’ve witnessed an unprecedented amount of new functionality – and vulnerabilities – delivered by mobile OSs. Users love all the new things they can do with their smartphones, but don’t think about the security tradeoffs.
This isn’t because Apple and Google are writing worse code. It’s simply that the more complex software becomes, the more prone to errors it is, and therefore the more vulnerabilities it contains. These charts tell the story:
Unfortunately, the typical user believes that “bad apps” are the problem. Focusing on apps blinds us to much greater threats – the ones that arrive through all those radios smartphones have. Hackers can access your mobile device via:
- App installs
- File downloads and file sharing
- Unsolicited MMS and hacked email accounts
- Hacked websites, search results, phishing sites
- Nearby devices pushing malware
- Wi-Fi snooping, fake Wi-Fi hotspots, DNS hijacking, MITM (man in the middle) attacks
In other words, attacks are bypassing the app store, and arriving at other parts of the attack surface.
The Solution Has to be on the Phone
The smartphone itself needs to be protected, right on the device, not via a cloud solution. And the protection cannot be reactive, like scanning a new file for viruses after it’s already been downloaded. Smartphones need to detect malware at all entry points. And they need to encrypt traffic at the device for privacy protection on all networks – cellular and Wi-Fi.
App-based mobile data protection puts users in control and stops threats before they get onto the phone. These solutions scale better than any network based approach, leveraging the massive deployment scale of smartphones, and they’re much less expensive then network based, cloud or hardware solutions.