JavaMites: The Emerging Universal Mobile Threat

If you have been following my entries at ZDNet.co.uk, then you know that I have been very busy lately with all of this JavaMite malware. If you’ve not been to the ZDNet blog I host lately then, you still need to be aware of this latest development in mobile malware.

As defined in my whitepaper on the topic: “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a form of mobile malware that has been in development for sometime, but until February 2009 had not been fully executed.

On February 7, 2009 a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account. This attack targeted handsets without third party mobile security solutions and was made public very quickly upon debut.

At face value this may seem like another harmless attack, but from the perspective of technical sophistication this form of mobile malware is a major development. This form of mobile malware has the technical capacity to infect mobile devices by the masses and so far the authors have demonstrated a preference of targeting the mobile banking sector. To learn more about JavaMites and your risk as a mobile user, please visit my ZDNet blog @ http://community.zdnet.co.uk/blog/0,1000000567,2000440756b,00.htm and read my whitepaper: JavaMites: The Emerging Universal Mobile Threat. Your guru in mobile security… Eric Everson – Founder, MyMobiSafe.com

Mobile Biometrics: The Future of Mobile Law Enforcement

Mobile Biometrics: The Future of Mobile Law Enforcement
Author: Eric Everson, Founder MyMobiSafe.com

If you find yourself strolling the Biometric Consortium Conference in Tampa, FL this week (Sept 23-25) you may want to make your way to booth 211. It is at this chic little display that Motorola has unveiled what some might consider a landmark entry in next-gen biometric technologies. At the display (primarily targeting law enforcement buyers) this little device is the latest plug-and-play tool for promoting the mobility requirements of police in the real world.

With regard to the mobile industry, this seems to be the first market ready biometric device introduced for a cellular handset. While this is a new technology, it could provide the gateway for promoting field fingerprinting and perpetrator identification into the future. As a mobile security advisor, I see an abundance of opportunity within the realm of biometric advancements in mobile handsets. The day may come where a biometric scan will become the standard for unlocking ones mobile phone for use. The days of low security four-digit passwords (yes, that’s an iPhone jab) are on the way out in favor of these next-gen biometric alternatives.

The number one concern most mobile users have regarding their handsets is the risk of their data in the hands of a stranger. If a handset is lost or stolen, in most cases we fail to have taken the preventive measures (at minimum locking the handset via the keypad). The introduction of mobile biometrics may represent a new wave of handset level protection for the mobile industry. While their remains a void in the current market for such built-in biometric components, this new device from Motorola proves the potential of such innovation to come.

As the founder of MyMobiSafe.com, the number one risk we have identified that threatens your mobile security is the lack of user prevention. Cell phone users continue to discount the computing power of their handsets, which continues to put millions at risk. I look for great advances in assuring handset level mobile security from mobile biometrics.

Your Mobile Security Watchdog,
Eric Everson

Eric Everson – Founder of MyMobiSafe.com

Poor Mobile Banking

Poor Mobile Banking
By: Eric Everson, Founder MyMobiSafe.com

In reading the news this morning an interesting article from Fox Business News titled Mobile Banking to Transform Microfinance caught my eye. In short, the article discusses the capacity of mobile banking to penetrate the shortcomings of financial institutions as a vehicle of the poor. This article if nothing else makes me think that if mobile banking offers so much potential in terms of driving the flexibility of a mobile lifestyle, then why isn’t more being done to secure mobile banking?

As I’ve declared in the past, mobile banking’s greatest security vulnerability resides at the handset level. This means that the lack of security that most mobile handsets have lends them to incredible risk as a financial instrument. Lending from this article, how much more does targeting the lowest income demographics compound the security vulnerabilities that reside in mobile banking? By this statement I merely intend to suggest that this demographic is less likely to use the higher-end handset spectrum (which boasts better security) while they are also less likely to seek a third-party software to bolster the security shortcomings of their handsets.

The article suggests, “A new report from the global microfinance body CGAP predicts that, with the right market conditions, mobile banking could reach large numbers of poor people who are outside the formal financial system.” I do not actually disagree with this, but the issues becomes defining what comprise “the right market conditions” to truly penetrate mobile banking to such a traditionally technology adoption laggard demographic.

As a mobile security professional (with a business degree), I see a much greater need to focus on the handset level mobile security vulnerabilities that threaten the macroeconomics of mobile banking as a whole. If the overall environment of mobile banking is threatened by the gaping holes of handset level security coupled with the grave lack of handset interoperability across the global wireless industry, how will mobile banking ever gain the traction needed to become a standard conduit to the financial industry?

Let’s face it, mobile banking is a newer technology that has some major areas of opportunity with regards to security. As security is only as strong as the weakest link, mobile banking faces serious hurdles at the handset level.

Your mobile security guru,
Eric E

Eric Everson, Founder - MyMobiSafe.com

Article in Reference: http://www.foxbusiness.com/story/mobile-banking-transform-microfinance/

Mobile Security Guru

Most of you that follow my blogs know that I am “The Mobile Security Guru” at the ZDNet.co.uk blog site too. I have been a bit more diligent in keeping that blog updated, so feel free to check it out too.

http://community.zdnet.co.uk/blog/0,1000000567,2000440756b,00.htm

The Network May Be Safe But Is Your Phone?

The Network May Be Safe But Is Your Phone?
By Eric Everson, Founder – MyMobiSafe.com

Does it make you feel all warm and fuzzy as a mobile consumer to hear your cellular service provider talk about the “security” features their brand offers? As it is today, cellular security is in the hands of the individual mobile user. In reality what adds up to hundreds of millions of dollars spent by cellular providers around the world on network level security, may not protect your phone at all.

The behind the scenes network infrastructure of all wireless service providers is heavily driven by computers thus security at the network level is just that, at the network level. The smoke and mirrors that all cellular providers want their average subscriber to “just accept” is that their network security doubles as your handset level security.

The reality is that mobile security is in the hands of each individual mobile user. Admitting that there is a handset level vulnerability represents a huge potential brand liability for the cellular service providers. Take control of your own mobile antivirus security solution and take control of your own handset level security.

Your friend and guru in mobile security,
Eric Everson – Founder
MyMobiSafe.com

Mobile Torrents A Cell Phone Security Nightmare

Mobile Torrents A Cell Phone Security Nightmare
By: Eric Everson, Founder – MyMobiSafe.com

It was not too many years ago that torrents were an unheard of technology and today they have all but reinvented the way we file share. In the depths of the connected mobile hacker community there are avid coders working to make mobile torrents a reality. For cell phone owner’s mobile torrents represent incredible access to mobile applications and other content, but for mobile security providers mobile torrents will be a security nightmare.

MyMobiSafe was built on the belief that the future of mobile security will be fought at the customer handset level. Generally speaking, wireless service providers have invested millions to protect the network level security with little regard for handset level security. The emergence of mobile torrents is sure to change the mentality of wireless service providers throughout the world. Where today handsets are somewhat islands of isolated technology due to the lack of a universally accepted operating system (as arguably exists for the computer side), the dawn of mobile torrents will open cell phone interconnectivity like never before.

As the founder of MyMobiSafe.com, I expect mobile torrents to become a major emerging technology for the future. While mobile torrents may provide access to an abundance of mobile content, the malware and mobile threats will also be saturated in the mix. Mobile torrents are one thing that could literally render millions of dollars invested in network level security completely useless. The future of mobile security will be fought at the handset level; are you ready?

Your guru in mobile security,

Eric Everson, Founder
MyMobiSafe.com

Eminent Domain? Cell Phone Owners On Notice.

Eminent Domain? Cell Phone Owners On Notice.
By: Eric Everson, Founder - MyMobiSafe.com

If you are a cell phone owner in the state of Virginia, you may have heard the recent news about the Division of Child Support Enforcement taking new actions targeting cell phones. In a maneuver to recover back child support, the agency has subpoenaed more than 52,000 cell phone numbers from seven wireless providers. The agency is using the information obtained to mine for current address and contact information regarding those who have fallen behind in child support payments. Is this a good move to bring technology into service for justice or another tactic to use the proprietary information of mobile users against them?

All politics aside, as the founder of MyMobiSafe.com I think this is just another sign that showcases the frightening state of affairs of information privacy within the mobile community. Wireless providers spend millions to protect their investment interests at their network level, yet little (or nothing) has been done to protect the cell phone user at the handset level.

Throughout the mobile community cell phone security has fallen to each individual user. Fortunately cell phone owners are free to choose a mobile security provider like MyMobiSafe to offer them a line of defense in an uncertain mobile environment. With the increasing use of mobile hijacking tools like keyloggers and snoopware, the mobile environment is becoming a hot bed of risk. Recently there was a news article about how one agency is using these same snoopware tools to “wire-tap” mobile phones.

To tie all of this together, not only do cell phone owners have to worry about the government tapping into providers for information there are a ton of other threats that are becoming mainstream concerns at the handset level that providers have not taken action to prevent. How will things change? Visit MyMobiSafe.com to get your mobile security solution and start demanding MyMobiSafe from your wireless provider. We have to stand together to make the mobile community a safer place.

Your friend in mobile security,
Eric Everson