Motorola Droid Drops Today: Happy Droid Day America!

Motorola Droid Drops Today: Happy Droid Day America!


Author: Eric Everson, Mobile Security Expert

If you’re wondering what all of the buzz is about with words like Droid and Android 2.0 circling about, you might think for a moment that there is a new George Lucas film that hit theaters. To the contrary, Motorola’s much anticipated Droid handset hits Verizon Wireless stores today in America. This is a hallmark handset that comes equipped with Google’s Android 2.0 MOPS (Mobile Operating System) and offers what some believe to be Verizon’s answer to the iPhone.

As the official Droid release email from Verizon promotes, “The phone that makes you feel like a four star general with natural charisma, twelve arms and the power of mind control is here and is ready to serve.” Okay so, they might be overselling it a little bit, but this Droid handset certainly pushes the competitive landscape forward within the mobile industry. Having taken some time to tinker with the handset, the quality that stands out the most in comparison to the iPhone is its ability to handle apps (applications). If you’re used to the lag of opening apps on your iPhone, the Droid will feel like a supersonic blast of Star Wars-like hyper-drive in your palm!

Also notable is the 5MP (mega pixel) camera feature which pushes the idea of the camera phone into new territory. While it might not compare to the rumored 12MP Nokia camera phone that is secretly said to be in development, you’ll certainly notice a difference in picture quality compared to the 3.2MP camera of the iPhone. The Droid has the look and also pushes handset design forward with such features as a touchscreen plus QWERTY slider keyboard to the next level. The Droid also comes out of the box with built-in access to Amazon’s MP3 store.

Compared to the thriving Apple App Store and iTunes platform, the novelty of an Android App Store seemingly falls flat, but in all fairness the Android community is still very young. As third-party mobile content developers continue to see opportunities to embrace this new market, they will likewise be motivated to develop more apps. I see a great opportunity here for Google to flex its creative muscle to answer the competitive advantage that the iPhone already has in place.

As your resident mobile security expert, I would be amiss not to acknowledge the undertone of growing security concerns regarding the Android 2.0 MOPS. Are there mobile security vulnerabilities to come? Of course, but as I’ve noted in the past, nobody in the MOPS industry addresses vulnerabilities as well as the Google team. As we uncover new vulnerabilities throughout the MOPS landscape, the Google team is consistently the fastest and most efficient to respond.

If you’re in the market for a new handset or you’re one of many Verizon customers that has been waiting patiently for a smartphone of this caliber to come along, I say to you Happy Droid Day! May the force be with you!

-Eric Everson “The MobileTech”

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com

Mobile Security: The New Face of Digital Terrorism

Mobile Security: The New Face of Digital Terrorism


Author: Eric Everson

Hackers have been on the leading edge of digital terrorism for at least ten years now which has put cybersecurity into the national spotlight under the Obama Administration. Issues such as denial-of-service (DoS) attacks, attacks on government contractors, and the recently reported breach of defense contractor computers that let hackers get information on the Joint Strike Fighter, suggest that hacking has become commonplace in the computing industry, but is there a greater threat looming?

Looking at the digital security environment, there is one digital front that remains largely untouched by existing cybersecurity policy: mobile security and the great wireless vulnerability. The world has become completely dependent on mobile communication devices from basic cell phones to advanced smartphones. Throughout the world the use of mobile communications continues to rise and new frontiers of mobile commerce (i.e. mobile banking/payments) are finding their way into less developed markets. The reality is that cell phones are everywhere we look, but the issue is that handset-level security remains our greatest digital security vulnerability.

Why would a terrorist want to write code for your cell phone? A simple question, yet one that offers a frightening glimpse into our global issue of mobile security. In mobile communications the wireless industry operates in a network-secure environment and leaves handset-level security up to the mobile user. This has fostered an environment where the wireless network-level itself has safeguards in place, but the majority of mobile devices remain open to attack. The reality of digital terrorism in the mobile environment is that through the use of readily available Mobile Operating System (MOPS) Software Development Kits (SDKs) entire wireless markets could be systematically infected and ultimately shutdown in a DoS type of attack at the handset-level.

We’ve already seen mobile viruses that are capable of replicating themselves by auto-disseminating through your contact list. We’ve already seen the large-scale implications of JavaMite mobile viruses capable of attacking the Java-enabled plane of entry (globally nearly 80% of mobile handsets in operation today are Java-enabled). With mobile threats on the rise and an increasing arsenal of mobile hacker tools becoming readily available, the new face of digital terrorism is mobile in nature. Imagine the ability to cut off mobile communications to an entire city, country, or even continent and this is the raw power of digital terrorism that we face. Sure, the network-level has its safeguards, but what is protecting phones at the handset-level? This is something that handset manufacturers are fighting through their own unique methods but an issue that is becoming of increasing concern for mobile users… and government officials.

Remember the whole spy-proof smartphone debacle surrounding President Obama’s love of his BlackBerry? The reality is that data mining is easily accomplished via mobile handsets through any number of mobile keyloggers that are available on the open market. Whether reading someone’s messages or looking for more specific data, the technologies to access this proprietary data can be easily adopted by anyone with basic software skills. There are so many issues from data high-jacking to mass DoS attacks that are pushing their way into the mainstream realm of the digital security environment. The growth of mobile banking and the global reliance on mobile handsets is attracting hackers to this newest theater of mobile vulnerability.

Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com

Ref: Wired.com

3-Way Mobile Security… What is Original1?

3-Way Mobile Security… What is Original1?

Today, SAP, Nokia and Giesecke & Devrient (G&D) today have announced plans to form a new company, named "Original1," to deliver unique product authentication and anti-counterfeiting services across the globe. Though this venture has been grabbing some headlines, what does it really mean for mobile security?

According to the press release on the matter, “Original1's services will rely on SAP technology and solutions, while Nokia will deliver mobile authentication software to allow businesses to follow a branded product's entire life cycle, from a factory to the end customer, using mobile devices. G&D's contribution to Original1 will consist of security solutions for the entire value chain.” While the 3-way joint venture is pending regulatory approvals, the company expects to be operational before the end of the year. While this venture may/may not directly offer services to individual subscribers at the handset level, the intentions of this venture reflect the indirect opportunity to improve the user environment for wireless users.

At first glance this venture seems to be aimed primarily at introducing new solutions to improve brand protection services, but perhaps as the company moves forward we’ll all see subtle improvements in aspects of mobile commerce and mobile authentication. The battle for security in wireless has been going on for many years now and it’s finally beginning to get the respect it deserves. Considering that services such as mobile banking are increasingly being adopted, the reality is that mobile hacking tools are becoming more readily available too. Today there are multiple websites with dedicated mobile hacker software, which is a niche software market set for rapid expansion.

As the old quote attributed to Willie Sutton goes, “I rob banks because that's where the money is.” The reality is that money is digital and digital money is quickly making its way into the mobile environment. With an abundance of mobile hacker tools coming available, it already takes far less technology sophistication to hack into cell phones than it did just two years ago. Security is a veil for most people but remains a digital puzzle for those behind the hack. To see a company like Nokia involved in this 3-way joint venture speaks volumes to the opportunity for security-driven technologies to debut on future Nokia platforms.

Eric Everson – The MobileTech

Ref:
http://online.wsj.com/article/BT-CO-20091027-704578.html

Mobile Security Talk: Google’s Android a Smart Move for Dell Smartphone!

Mobile Security Talk: Google’s Android a Smart Move for Dell Smartphone!
Author: Eric Everson, Founder MyMobiSafe.com

I am known for my tough love on MOPS (Mobile Operating System) developers when it comes to the security of their platforms, but in all honesty Google’s Android Team is proving to be among the best in the business for addressing the vulnerabilities that we uncover.
In a bold move last week, Dell announced regarding their future mobile phone development that they will depart from their historically turbulent relationship with Microsoft and have opted to develop their smartphone platform with Google’s Android MOPS. While this does not directly suggest anything about the security of the Windows Mobile MOPS, it does further solidify the fact that Google is successfully positioning Android as a major force to be reckoned with.

Just yesterday, Google debuted their latest security patch for Android which resolved some inherently pressing SMS vulnerabilities. Prior to the patch, certain malicious SMS messages were capable of disconnecting an Android mobile phone from its mobile network. Additionally this patch resolved the threat to within Android's Dalvik API from a malicious DoS (Denial of Service) threat which specifically targeted Android users. This particular mobile malware would trigger the vulnerable API function and could restart the system process. While annoying for users, this particular mobile malware platform had not evolved to the point where personal data was put at risk on the handset.

With this latest patch in place, Google continues to prove that when issues are identified they take charge to resolve the issue before users are affected at large. This instant response to mobile threats certainly sets the stage for Dell loyal customers to expand their technology suite via the “Dell Phone” as mobile security issues are of less concern. Naturally as the Android MOPS continues to grow in popularity it will continue to be a target of mobile hackers, but as they successfully prove time after time, the Google software engineers put mobile security issues at the forefront of their priorities.

As a leading voice in mobile security, it would be hard not to recognize the world-class support that Google has put behind Android. This is a value added opportunity that Dell can certainly build on as they enter the wireless industry next year. I am looking forward to the arrival of the Dell Phone as I see a significant opportunity for a company like Dell to integrate computing technologies within the wireless environment. Android offers an incredible platform which embraces third-party development (i.e. ensures an abundance of quality apps) and also offers security support like nobody else in the business. Should Microsoft have concern for Google displacing them in the future? One thing is certain as mobile technologies are the future of computing, this is an area where Microsoft has certainly struggled.

Eric Everson is a leading mobile security expert and has emerged as an authority on mobile security strategy and innovative wireless technologies. To contact Eric for interviews, consulting, research, or otherwise email him directly at EricEverson@Hotmail.com

Dell goes Android…Another Mobile Setback for Microsoft?

Dell goes Android…Another Mobile Setback for Microsoft?
Author: Eric Everson

The king of the computer-based Operating System market has struggled to acquire the same level of success and scalability within the wireless industry. For years Windows Mobile has taken a back seat to other Mobile Operating Systems (MOPS) and most recently the introduction of Google’s Android marks a serious threat to Microsoft’s future in this segment.

Windows Mobile admittedly is not a bad environment, but at the edge of innovation, Android likewise ups the ante. One of the key attractions to Andriod from a developer’s perspective is that accessibility and control granted via the Android SDK. While some content can be developed in Microsoft’s free Windows Mobile SDK, there is much more creative control via the Android SDK.

For mobile users greater SDK flexibility translates to a greater variety of available third party content, something that the iPhone has brought to a whole new level. As Dell is tapping deeper into the mobile industry they’ve recently announced that they’ll be bringing an Android-based handset to market next year. While many loyal Dell users are anxiously anticipating the arrival of the Dell phone to complement their technology suite, this news creates a serious ripple in the mobile waters for Microsoft. The issues between Dell and Microsoft have seemed escalated since the disastrous debut of Vista, so it’s not a huge surprise that Dell is looking for a new avenue to embrace their mobile debut.

I’ve said it before and I’ll say it again, Microsoft needs to seriously start pulling in some fresh blood or this is sure to be another nail in its wireless coffin.

Your innovative tech insider!
Eric Everson – The MobileTech

Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.

Verizon Wireless: Handset-level Mobile Security?

Verizon Wireless: Handset-level Mobile Security?
Author: Eric Everson, Founder MyMobiSafe, LLC

In reading a recent press release from Verizon Wireless, something very interesting caught my eye, “Mobile Application Security - Set of professional services designed to help enterprises deliver mobile applications securely by maintaining consistent levels of protection and compliance for both traditional and mobile applications.”(Verizon; 2009) Digging deeper into this offering I found that the Mobile Security plan will enforce access codes, establish policies by which devices that are stolen or lost can be locked by the administrator and cleansed of data; encrypt devices and data cards; and deliver firewall and antivirus applications. (Managing Automation; 2009)

Perhaps it’s because I live mobile security all day, every day, but I think in their attempt to extend their professional services business, Verizon Wireless may have just walked into a hornet nest. The question is, how many times will they have to get stung before they realize the enormity of this unique industry?

I’m all for Verizon Wireless expanding their professional services business because as they’ve finally formally recognized the definite need for such services in the marketplace. Traditionally wireless providers have taken a network-level security approach to mobile security (i.e. digital security safeguards at the network-level so that they can promote their “mobile security”). In essence if your handset became infected, it only meant that you had to buy a new one which contributes to the profitability of the provider. This move into the handset-level marks an unprecedented move into the mobile security market by a wireless service provider.

Naturally, seeing a company like Verizon Wireless entering the mobile security business justifies everything that we’ve been working toward at MyMobiSafe.com for the past five years with regard to recognizing the handset-level vulnerabilities that every wireless user faces.
It will be interesting to see how Verizon Wireless embraces their new mobile security market and to see what new developments they’re able to bring to the market. I’m sure in a move like this Verizon Wireless has the financial means to develop an impressive mobile security lab and security suite, but clearly significant resources (financial, personnel, PP&E, etc) will be required to embrace this market successfully.

Verizon Wireless entering the mobile security market now is an indication that the value of handset-level security has become a mainstream issue. This announcement marks a significant move into a highly specialized market wherein Verizon Wireless must emerge successful; a failure in this market at their level could be catastrophic for everyone on the Verizon Wireless network.

Welcome to my world Verizon Wireless!

Eric Everson - The MobileTech

Refs:
http://newscenter.verizon.com/press-releases/verizon/2009/supporting-a-mobile-workforce.html

http://www.managingautomation.com/maonline/news/read/Verizon_Unwraps_New_Services_to_Manage_Mobility_33027?page=1

Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.

JavaMites: The Emerging Universal Mobile Threat

If you have been following my entries at ZDNet.co.uk, then you know that I have been very busy lately with all of this JavaMite malware. If you’ve not been to the ZDNet blog I host lately then, you still need to be aware of this latest development in mobile malware.

As defined in my whitepaper on the topic: “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a form of mobile malware that has been in development for sometime, but until February 2009 had not been fully executed.

On February 7, 2009 a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account. This attack targeted handsets without third party mobile security solutions and was made public very quickly upon debut.

At face value this may seem like another harmless attack, but from the perspective of technical sophistication this form of mobile malware is a major development. This form of mobile malware has the technical capacity to infect mobile devices by the masses and so far the authors have demonstrated a preference of targeting the mobile banking sector. To learn more about JavaMites and your risk as a mobile user, please visit my ZDNet blog @ http://community.zdnet.co.uk/blog/0,1000000567,2000440756b,00.htm and read my whitepaper: JavaMites: The Emerging Universal Mobile Threat. Your guru in mobile security… Eric Everson – Founder, MyMobiSafe.com