Mobile Security Expert: Think Twice Before You Download That New Mobile App!

Mobile Security Expert: Think Twice Before You Download That New Mobile App!

Author: Eric Everson

Whether you are an iPhone user, a Droid user, or a user of any number of new app-compatible handsets, you should be weary of exactly what’s hiding in that app. A term like “Trojan Virus” is nothing new to computer users, but increasingly this type of attack is moving into the mobile environment.

As a mobile security expert, I realize that too few app developers are willing to sacrifice the performance of their apps by adding additional security measures. This reluctance to build-in security protocols has set the stage for a serious level of vulnerability. Having worked in mobile software development myself, I understand that building in certain security features can introduce very noticeable performance hurdles, which is not something that independent app developers want to earn a reputation for.

The mobile app development community is actually still very small and has yet to become dominated by huge corporate interests, so what we have are often developers that often do not have the means to support developing a mobile app and managing a slew of security features therein. As some have admitted, it’s easier to just forget about security all together and let the user worry about their own handset-level security. As the app-driven future of wireless is quickly taking shape, it is again the handset user that must shoulder their own level of security.

At MyMobiSafe.com we are working hard to introduce a new solution for mobile app developers to help tackle this problem, but it will be early next year before we are able to unveil this development. In the interim, mobile users need to think twice before downloading that new app to their handset if they do not already have a mobile security solution on their handset. For many years we as a wireless global community have wrestled with the idea of paying for security software for our handsets. As a digital security consultant, this is a fascinating issue because when I ask most people if they would run their computers without a security solution I always get a resounding “NO!” Why is your phone any different? It packs pretty incredible processing power in its own right and in many cases carries more proprietary data than your own computer.

This time of year, mobile gifts are hugely popular, from new apps to new iPhones to run the apps, the future of the app-driven wireless industry is taking shape each day. As an app user myself, I get it! Apps are fun! More importantly they make life easier! Just use caution and look for reviews (especially security related reviews) pertaining to the apps that you want to download. Looking forward, mobile apps are here to stay; just start being a little more protective of your handset before you download them (especially the free/cheap ones!). You do not want to invite a “Trojan Virus” into your app phone.

About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.

Global Enterprise Security: The Emerging Mobile Workforce… Is Your Company Ready?

Global Enterprise Security: The Emerging Mobile Workforce… Is Your Company Ready?

Author: Eric Everson, Enterprise Security

“Global Enterprise Security” is an old phrase, but as many C-level managers are uncovering, there is a new face to this dynamic business environment. With technology tools flooding the market that have enabled the emergence of true virtual teams and ultimately a mobile workforce, the landscape of Global Enterprise Security has already changed faster than most IT professionals are willing to admit.

From doing remote desktop support pool-side to answering emails from your handheld device from 30,000 feet, everyone from the frontlines of the business to the top brass are integrating mobility into their work environment. Unlike some of my peers, I am not calling for the death of the brick and mortar workplace, but as a leader in digital security, I refuse to ignore the new challenges that these technologies represent to your Global Enterprise Security strategy. Most C-level manager’s never even think that their coveted BlackBerry could have already been hacked or otherwise compromised, yet it is a reality that we all face on a daily basis.

For mobile hackers, those very emails that you are responding to at 30,000 feet could mean a big paycheck if put in the right hands. Yes, we’re talking about that very real, under the table, realm of corporate espionage. If you’re a C-level executive and you think that it can’t happen to you, I encourage you to take a long hard look in the mirror and welcome yourself to the realities of the emerging mobile workforce and the issues it represents to your own security strategy. As the first go-to guy for many CIO’s facing this very real wake-up call, I can assure you that this is not an area of digital security that you or your company should take lightly. The mobile workforce of tomorrow is emerging faster than you might expect and for many business leaders looking around their companies, elements such as employee cell phones and laptops are nothing new and are giving them a certain lump in the throat that is hard to dismiss.

Beyond corporate espionage, just think for a moment about what happens when one of your employees drops their cell phone in a crowded holiday shopping center. Frighteningly few corporate IT organizations even have the safeguards in place today to remotely lock that handset from prying eyes (a technology which is now broadly available and is highly affordable to any size company). Would you want your proprietary next quarter pricing data in the wrong hands? It is a reality that far too few technology managers are equipped to deal with (which is also why my cell phone stays so hot). Whether you have put policies in place or not that deal with employee texting, inevitably I guarantee with 100% certainty your company data will find its way into a text message in the very near future.

It can be as simple as two managers riding opposite trains home that want to polish up a few last minute details for tomorrow’s big meeting and it can be as severe as employees committing the act of sharing your customer data with a third-party for added holiday cash. We are moving into new times and unfortunately far too many executive level managers are as ready to deal with the problems as they would like to admit. For the CEO reading this, just stop your CIO in the hall and ask him/her to explain JavaMites and the threat they represent to your Global Enterprise Security strategy company and you’ll see your CIO squirm against something they’ve likely never even heard of.

Just as a heads up, JavaMites are the latest form of mobile malware to emerge and are capable of jumping from any Java-enabled mobile device (nearly 90% of wireless phones/smartphones are Java-enabled) and can also infiltrate any data on the handset to feed it back to mobile hackers. (Learn More about JavaMites Here)

For the IT executives that are carrying themselves around company headquarters with that false glow of confidence, I dare to challenge that behind the icing of your technology cake is a vulnerability within your security strategy that could shake your company to its core. You can sugar coat and show boat with all of the money you have spent on security, but the reality is that via a single mobile phone a talented hacker can bypass your digital fortress and can comprise everything you have developed on your way to achieving that cozy little office and nice car in the parking garage. So why is your CEO putting my cell phone number into his phone and not calling you directly? …Is your company ready?

Eric Everson is a leader in digital security and mobile technologies as the founder of MyMobiSafe, LLC. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.

JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market

JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market


Author: Eric Everson, Mobile Security Expert

Is your mobile phone really as safe as you think it is? The fact is that handset-level security remains as the greatest vulnerability throughout the global wireless industry. In an industry where service providers have invested heavily to protect their network investments, little is being done to secure wireless handsets. As apps are quickly becoming the driving force behind the future of the wireless industry, the risk handsets face to JavaMite attacks is growing exponentially and few of us are immune.

The world media is fairly consumed with legitimate concerns of the next “superbug”, especially considering the pandemic spread of H1N1 in recent months. These superbugs are frightening to us all because they can infect humanity as a whole and cannot be quarantined very effectively. What does a communicable superbug disease have to do with mobile security you may ask? The reality is everything! In the past year the mobile security industry has seen the debut of a unique threat that is a superbug in its own right: the JavaMite. This innocuous sounding JavaMite is in fact anything but innocuous and may quite simply become one of the most pernicious threats to the mobile industry as we know it.

What is a JavaMite? As defined in my whitepaper published by CBS Interactive this year, “In its most basic form, a JavaMite is any executable software or script written in (or with) the aid of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” While that definition may sound overly technical, the root concern of this mobile malware is that if implemented effectively it could infect upwards of 90% of the wireless handsets in use today. By nature JavaMites are mobile executables designed to attack Java-enabled handsets (which most of us use every day). The earliest JavaMite malware attacks on the public targeted mobile banking and the first widespread attack using JavaMites was carried out in Indonesia on February 7, 2009. In this specific attack, a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account.

As the demand is increasing for more Apps in the wireless community, the prevalence of JavaMite attacks is certain to grow in stride. As we download new Apps to our mobile handsets this opens the door to unbeknownst threats and since the majority of the mobile phones in service today are Java-enabled, this has created a unique opportunity for JavaMite developers (hackers) to take advantage of your limited handset-level security. As too few people opt to protect their handsets with a third-party mobile security solution, a perfect storm is brewing which could put the entire wireless industry at risk. As our service providers have invested millions of dollars to protect their own networks, little to nothing has been done to introduce security protocols at the handset-level to counter JavaMite attacks. At this point users of wireless handsets must elect to protect themselves because let’s face it, if your handset gets compromised this represents an opportunity for your cell phone company to profit by selling you a new phone. While the service providers stand to profit exponentially from the mobile malware superbug of JavaMites, it is you and I that will pay the price one way or another – pay to protect your handset via a third party mobile security product or pay for a new handset once yours (and your private data therein) have been attacked.

At MyMobiSafe, LLC we have started working directly with the mobile app developers that create new apps for both the iPhone and Google Android handsets in effort to create a more secure mobile environment for everyone. While it is not an industry cure all our efforts are sure to become a valuable vaccine of defense in an app-driven mobile future. If you have not added a security solution to your handset, use caution when downloading any new app. You might just be downloading more than you’re bargaining for.

Your expert in mobile security and innovative technologies,

Eric Everson – The MobileTech

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.

App Wars: Can Google Compete with Apple’s App Store?

App Wars: Can Google Compete with Apple’s App Store?

Author: Eric Everson

Mobile Apps have become a vital element of the mobile experience. The iPhone is practically built on its abundance and accessibility to the ever-increasing number of apps, but the recent release of the Motorola Droid has many wondering if Google is going to flex its muscle against Apple’s App Store to propel the Google Android MOPS into the future.

Will Google introduce an app store that will rival the popular Apple App Store? Having spoke with many third-party mobile content developers, the development community is desperate for a rival marketplace to introduce their content. As some of the developers have suggested, the Apple App Store is already so crowded and puts such a tight pinch on profitability that developers are forced to compete by volume not quality.

As a mobile security expert, this obviously introduces many concerns regarding the security of the mobile apps that are hitting the market, but more importantly begs the question: How will Google respond? If you’ve been to Android.com lately you may have noticed the Android Market, a small-scale window into what could be the beginning of Google’s fight in the mobile app market. This site offers somewhere in the neighborhood of 35 different apps for the Android MOPS. The Android MOPS (Mobile Operating System) made its most recent debut on the Motorola Droid handset which hit Verizon Wireless stores on November 6, 2009.

The handset has been met with mixed reviews (especially from the iPhone naysayers) but in all honesty I’ve found it to be a cool little handset so far. Though a few key apps come pre-loaded on the Droid, you’ll instantly find yourself begging for Google to start fighting back against the Apple App Store. If Google can make their app store more attractive to third-party developers (i.e. more profitable for developers than the Apple App Store competitive market place) and easier to use, I have little doubt that the developers will follow. The reality of the market is that the Google Android MOPS is just on too few handsets at this point, but I believe that a firm investment in the availability of apps could turn this market in Google’s favor.

As more apps come available for the Android handsets, the market demand for Google’s Mobile Operating System is sure to climb too. Success in the mobile industry is increasingly being driven by accessibility to apps rather than any other handset feature. The reality is that Apple’s supremacy in this market to date is directly related to their visionary ability to improve the accessibility to new mobile content. In my opinion, if any company has an opportunity to engage in an App War with Apple, Google gets my vote! The question remains, “Can Google Compete with Apple’s App Store?”  Let the App War begin!!!

Eric Everson,

Founder – MyMobiSafe.com

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com

Motorola Droid Drops Today: Happy Droid Day America!

Motorola Droid Drops Today: Happy Droid Day America!


Author: Eric Everson, Mobile Security Expert

If you’re wondering what all of the buzz is about with words like Droid and Android 2.0 circling about, you might think for a moment that there is a new George Lucas film that hit theaters. To the contrary, Motorola’s much anticipated Droid handset hits Verizon Wireless stores today in America. This is a hallmark handset that comes equipped with Google’s Android 2.0 MOPS (Mobile Operating System) and offers what some believe to be Verizon’s answer to the iPhone.

As the official Droid release email from Verizon promotes, “The phone that makes you feel like a four star general with natural charisma, twelve arms and the power of mind control is here and is ready to serve.” Okay so, they might be overselling it a little bit, but this Droid handset certainly pushes the competitive landscape forward within the mobile industry. Having taken some time to tinker with the handset, the quality that stands out the most in comparison to the iPhone is its ability to handle apps (applications). If you’re used to the lag of opening apps on your iPhone, the Droid will feel like a supersonic blast of Star Wars-like hyper-drive in your palm!

Also notable is the 5MP (mega pixel) camera feature which pushes the idea of the camera phone into new territory. While it might not compare to the rumored 12MP Nokia camera phone that is secretly said to be in development, you’ll certainly notice a difference in picture quality compared to the 3.2MP camera of the iPhone. The Droid has the look and also pushes handset design forward with such features as a touchscreen plus QWERTY slider keyboard to the next level. The Droid also comes out of the box with built-in access to Amazon’s MP3 store.

Compared to the thriving Apple App Store and iTunes platform, the novelty of an Android App Store seemingly falls flat, but in all fairness the Android community is still very young. As third-party mobile content developers continue to see opportunities to embrace this new market, they will likewise be motivated to develop more apps. I see a great opportunity here for Google to flex its creative muscle to answer the competitive advantage that the iPhone already has in place.

As your resident mobile security expert, I would be amiss not to acknowledge the undertone of growing security concerns regarding the Android 2.0 MOPS. Are there mobile security vulnerabilities to come? Of course, but as I’ve noted in the past, nobody in the MOPS industry addresses vulnerabilities as well as the Google team. As we uncover new vulnerabilities throughout the MOPS landscape, the Google team is consistently the fastest and most efficient to respond.

If you’re in the market for a new handset or you’re one of many Verizon customers that has been waiting patiently for a smartphone of this caliber to come along, I say to you Happy Droid Day! May the force be with you!

-Eric Everson “The MobileTech”

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com

Mobile Security: The New Face of Digital Terrorism

Mobile Security: The New Face of Digital Terrorism


Author: Eric Everson

Hackers have been on the leading edge of digital terrorism for at least ten years now which has put cybersecurity into the national spotlight under the Obama Administration. Issues such as denial-of-service (DoS) attacks, attacks on government contractors, and the recently reported breach of defense contractor computers that let hackers get information on the Joint Strike Fighter, suggest that hacking has become commonplace in the computing industry, but is there a greater threat looming?

Looking at the digital security environment, there is one digital front that remains largely untouched by existing cybersecurity policy: mobile security and the great wireless vulnerability. The world has become completely dependent on mobile communication devices from basic cell phones to advanced smartphones. Throughout the world the use of mobile communications continues to rise and new frontiers of mobile commerce (i.e. mobile banking/payments) are finding their way into less developed markets. The reality is that cell phones are everywhere we look, but the issue is that handset-level security remains our greatest digital security vulnerability.

Why would a terrorist want to write code for your cell phone? A simple question, yet one that offers a frightening glimpse into our global issue of mobile security. In mobile communications the wireless industry operates in a network-secure environment and leaves handset-level security up to the mobile user. This has fostered an environment where the wireless network-level itself has safeguards in place, but the majority of mobile devices remain open to attack. The reality of digital terrorism in the mobile environment is that through the use of readily available Mobile Operating System (MOPS) Software Development Kits (SDKs) entire wireless markets could be systematically infected and ultimately shutdown in a DoS type of attack at the handset-level.

We’ve already seen mobile viruses that are capable of replicating themselves by auto-disseminating through your contact list. We’ve already seen the large-scale implications of JavaMite mobile viruses capable of attacking the Java-enabled plane of entry (globally nearly 80% of mobile handsets in operation today are Java-enabled). With mobile threats on the rise and an increasing arsenal of mobile hacker tools becoming readily available, the new face of digital terrorism is mobile in nature. Imagine the ability to cut off mobile communications to an entire city, country, or even continent and this is the raw power of digital terrorism that we face. Sure, the network-level has its safeguards, but what is protecting phones at the handset-level? This is something that handset manufacturers are fighting through their own unique methods but an issue that is becoming of increasing concern for mobile users… and government officials.

Remember the whole spy-proof smartphone debacle surrounding President Obama’s love of his BlackBerry? The reality is that data mining is easily accomplished via mobile handsets through any number of mobile keyloggers that are available on the open market. Whether reading someone’s messages or looking for more specific data, the technologies to access this proprietary data can be easily adopted by anyone with basic software skills. There are so many issues from data high-jacking to mass DoS attacks that are pushing their way into the mainstream realm of the digital security environment. The growth of mobile banking and the global reliance on mobile handsets is attracting hackers to this newest theater of mobile vulnerability.

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com

Ref: Wired.com

3-Way Mobile Security… What is Original1?

3-Way Mobile Security… What is Original1?

Today, SAP, Nokia and Giesecke & Devrient (G&D) today have announced plans to form a new company, named "Original1," to deliver unique product authentication and anti-counterfeiting services across the globe. Though this venture has been grabbing some headlines, what does it really mean for mobile security?

According to the press release on the matter, “Original1's services will rely on SAP technology and solutions, while Nokia will deliver mobile authentication software to allow businesses to follow a branded product's entire life cycle, from a factory to the end customer, using mobile devices. G&D's contribution to Original1 will consist of security solutions for the entire value chain.” While the 3-way joint venture is pending regulatory approvals, the company expects to be operational before the end of the year. While this venture may/may not directly offer services to individual subscribers at the handset level, the intentions of this venture reflect the indirect opportunity to improve the user environment for wireless users.

At first glance this venture seems to be aimed primarily at introducing new solutions to improve brand protection services, but perhaps as the company moves forward we’ll all see subtle improvements in aspects of mobile commerce and mobile authentication. The battle for security in wireless has been going on for many years now and it’s finally beginning to get the respect it deserves. Considering that services such as mobile banking are increasingly being adopted, the reality is that mobile hacking tools are becoming more readily available too. Today there are multiple websites with dedicated mobile hacker software, which is a niche software market set for rapid expansion.

As the old quote attributed to Willie Sutton goes, “I rob banks because that's where the money is.” The reality is that money is digital and digital money is quickly making its way into the mobile environment. With an abundance of mobile hacker tools coming available, it already takes far less technology sophistication to hack into cell phones than it did just two years ago. Security is a veil for most people but remains a digital puzzle for those behind the hack. To see a company like Nokia involved in this 3-way joint venture speaks volumes to the opportunity for security-driven technologies to debut on future Nokia platforms.

Eric Everson – The MobileTech

Ref:
http://online.wsj.com/article/BT-CO-20091027-704578.html