iPhone App Security - Android App Security: A Growing Digital Risk
Author: Eric Everson, Chief Technology Officer – MyMobiSafe.com
It’s being called a “gold rush” as estimates such as yesterday’s breaking news on the topic declared, “Flurry predicts that by the end of next year, 150,000 apps will be available for Android phones, up from around 20,000 to 25,000 now.” Developers are beginning to dive into this fast growing new phenomenon of mobile apps.
With developers sharing stories about making tens of thousands of dollars by selling their apps, this is an emerging market that is showing no signs of an economic slowdown. In fact in the same piece by Lance Whitney, it was noted that, “The growth has been meteoric for Apple for iPhone and iPod Touch penetration," he said. "They're already past 50 million units in the marketplace for iPhone and iPod Touch." …while the iPhone is a killer device that gives people a portable computer in their pocket, Apple knows it needs third-party developers, which is one reason the company controls the store. And developers will go wherever they can get a good customer base, realizing that they can build an app once for the App Store and draw in a lot of consumers.” (Read Full Article Here)
This is great news right? A hot emerging market opportunity in a sluggish economy, what’s not to love about that? Not to spoil the celebration, but as a digital security consultant this emerging market has introduced some serious new digital security risks. Don’t just take my word for it, recently security expert Kenneth Van Wyk noted, “Is anyone else concerned about the security of this new gold rush? Just how safe is it to download and use, say, an application that can access my Amazon account and make purchases with “one click”? (Gulp!)” Van Wyk goes on to explore, “…time will illuminate the issues more clearly. For now, I sure hope the application developers aren’t consumed by a gold rush mentality and that they’re practicing safe development methods to ensure all the good stuff—solid authentication, encryption of sensitive data, input validation, etc.—are being thoroughly addressed in the code they release into the wild.” (Read Full Article Here)
Have we opened Pandora’s Box yet again? Having been involved in mobile security for many years as the founder of MyMobiSafe.com, I will say that we’ve just begin to scratch the surface. As we’ve identified (and are working to address at MyMobiSafe.com) developers want to maximize their profitability in this gold rush which often means foregoing security protocols that could prove harmful to your mobile device. The days of cell phones being a disposable technology are quickly coming to an end as these little devices have become primary sources of our proprietary data. From the ability to connect to your bank account to the names and numbers of the people closest to you, your handset security should certainly become one of your top priorities.
With the Android boom of 2010 taking shape, we are about to see a surge (of tidal wave proportions) in the development of mobile apps. Likewise, the iPhone App Store remains just as hot as ever as the iPhone and iPod Touch devices have surpassed the 50 million user mark. There is certainly money to be made, but both users and developers alike must demand a greater level of security to keep everybody’s mobile devices safer. I don’t need my masters degree in Software Engineering to tell you that rushed software is bad software, so before you download that next app, checkout your developer’s credentials.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday, December 30, 2009
Friday, December 18, 2009
Mobile Security Expert: Think Twice Before You Download That New Mobile App!
Mobile Security Expert: Think Twice Before You Download That New Mobile App!
Author: Eric Everson
Whether you are an iPhone user, a Droid user, or a user of any number of new app-compatible handsets, you should be weary of exactly what’s hiding in that app. A term like “Trojan Virus” is nothing new to computer users, but increasingly this type of attack is moving into the mobile environment.
As a mobile security expert, I realize that too few app developers are willing to sacrifice the performance of their apps by adding additional security measures. This reluctance to build-in security protocols has set the stage for a serious level of vulnerability. Having worked in mobile software development myself, I understand that building in certain security features can introduce very noticeable performance hurdles, which is not something that independent app developers want to earn a reputation for.
The mobile app development community is actually still very small and has yet to become dominated by huge corporate interests, so what we have are often developers that often do not have the means to support developing a mobile app and managing a slew of security features therein. As some have admitted, it’s easier to just forget about security all together and let the user worry about their own handset-level security. As the app-driven future of wireless is quickly taking shape, it is again the handset user that must shoulder their own level of security.
At MyMobiSafe.com we are working hard to introduce a new solution for mobile app developers to help tackle this problem, but it will be early next year before we are able to unveil this development. In the interim, mobile users need to think twice before downloading that new app to their handset if they do not already have a mobile security solution on their handset. For many years we as a wireless global community have wrestled with the idea of paying for security software for our handsets. As a digital security consultant, this is a fascinating issue because when I ask most people if they would run their computers without a security solution I always get a resounding “NO!” Why is your phone any different? It packs pretty incredible processing power in its own right and in many cases carries more proprietary data than your own computer.
This time of year, mobile gifts are hugely popular, from new apps to new iPhones to run the apps, the future of the app-driven wireless industry is taking shape each day. As an app user myself, I get it! Apps are fun! More importantly they make life easier! Just use caution and look for reviews (especially security related reviews) pertaining to the apps that you want to download. Looking forward, mobile apps are here to stay; just start being a little more protective of your handset before you download them (especially the free/cheap ones!). You do not want to invite a “Trojan Virus” into your app phone.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson
Whether you are an iPhone user, a Droid user, or a user of any number of new app-compatible handsets, you should be weary of exactly what’s hiding in that app. A term like “Trojan Virus” is nothing new to computer users, but increasingly this type of attack is moving into the mobile environment.
As a mobile security expert, I realize that too few app developers are willing to sacrifice the performance of their apps by adding additional security measures. This reluctance to build-in security protocols has set the stage for a serious level of vulnerability. Having worked in mobile software development myself, I understand that building in certain security features can introduce very noticeable performance hurdles, which is not something that independent app developers want to earn a reputation for.
The mobile app development community is actually still very small and has yet to become dominated by huge corporate interests, so what we have are often developers that often do not have the means to support developing a mobile app and managing a slew of security features therein. As some have admitted, it’s easier to just forget about security all together and let the user worry about their own handset-level security. As the app-driven future of wireless is quickly taking shape, it is again the handset user that must shoulder their own level of security.
At MyMobiSafe.com we are working hard to introduce a new solution for mobile app developers to help tackle this problem, but it will be early next year before we are able to unveil this development. In the interim, mobile users need to think twice before downloading that new app to their handset if they do not already have a mobile security solution on their handset. For many years we as a wireless global community have wrestled with the idea of paying for security software for our handsets. As a digital security consultant, this is a fascinating issue because when I ask most people if they would run their computers without a security solution I always get a resounding “NO!” Why is your phone any different? It packs pretty incredible processing power in its own right and in many cases carries more proprietary data than your own computer.
This time of year, mobile gifts are hugely popular, from new apps to new iPhones to run the apps, the future of the app-driven wireless industry is taking shape each day. As an app user myself, I get it! Apps are fun! More importantly they make life easier! Just use caution and look for reviews (especially security related reviews) pertaining to the apps that you want to download. Looking forward, mobile apps are here to stay; just start being a little more protective of your handset before you download them (especially the free/cheap ones!). You do not want to invite a “Trojan Virus” into your app phone.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Thursday, December 10, 2009
Global Enterprise Security: The Emerging Mobile Workforce… Is Your Company Ready?
Author: Eric Everson, Enterprise Security
“Global Enterprise Security” is an old phrase, but as many C-level managers are uncovering, there is a new face to this dynamic business environment. With technology tools flooding the market that have enabled the emergence of true virtual teams and ultimately a mobile workforce, the landscape of Global Enterprise Security has already changed faster than most IT professionals are willing to admit.
From doing remote desktop support pool-side to answering emails from your handheld device from 30,000 feet, everyone from the frontlines of the business to the top brass are integrating mobility into their work environment. Unlike some of my peers, I am not calling for the death of the brick and mortar workplace, but as a leader in digital security, I refuse to ignore the new challenges that these technologies represent to your Global Enterprise Security strategy. Most C-level manager’s never even think that their coveted BlackBerry could have already been hacked or otherwise compromised, yet it is a reality that we all face on a daily basis.
For mobile hackers, those very emails that you are responding to at 30,000 feet could mean a big paycheck if put in the right hands. Yes, we’re talking about that very real, under the table, realm of corporate espionage. If you’re a C-level executive and you think that it can’t happen to you, I encourage you to take a long hard look in the mirror and welcome yourself to the realities of the emerging mobile workforce and the issues it represents to your own security strategy. As the first go-to guy for many CIO’s facing this very real wake-up call, I can assure you that this is not an area of digital security that you or your company should take lightly. The mobile workforce of tomorrow is emerging faster than you might expect and for many business leaders looking around their companies, elements such as employee cell phones and laptops are nothing new and are giving them a certain lump in the throat that is hard to dismiss.
Beyond corporate espionage, just think for a moment about what happens when one of your employees drops their cell phone in a crowded holiday shopping center. Frighteningly few corporate IT organizations even have the safeguards in place today to remotely lock that handset from prying eyes (a technology which is now broadly available and is highly affordable to any size company). Would you want your proprietary next quarter pricing data in the wrong hands? It is a reality that far too few technology managers are equipped to deal with (which is also why my cell phone stays so hot). Whether you have put policies in place or not that deal with employee texting, inevitably I guarantee with 100% certainty your company data will find its way into a text message in the very near future.
It can be as simple as two managers riding opposite trains home that want to polish up a few last minute details for tomorrow’s big meeting and it can be as severe as employees committing the act of sharing your customer data with a third-party for added holiday cash. We are moving into new times and unfortunately far too many executive level managers are as ready to deal with the problems as they would like to admit. For the CEO reading this, just stop your CIO in the hall and ask him/her to explain JavaMites and the threat they represent to your Global Enterprise Security strategy company and you’ll see your CIO squirm against something they’ve likely never even heard of.
Just as a heads up, JavaMites are the latest form of mobile malware to emerge and are capable of jumping from any Java-enabled mobile device (nearly 90% of wireless phones/smartphones are Java-enabled) and can also infiltrate any data on the handset to feed it back to mobile hackers. (Learn More about JavaMites Here)
For the IT executives that are carrying themselves around company headquarters with that false glow of confidence, I dare to challenge that behind the icing of your technology cake is a vulnerability within your security strategy that could shake your company to its core. You can sugar coat and show boat with all of the money you have spent on security, but the reality is that via a single mobile phone a talented hacker can bypass your digital fortress and can comprise everything you have developed on your way to achieving that cozy little office and nice car in the parking garage. So why is your CEO putting my cell phone number into his phone and not calling you directly? …Is your company ready?
Eric Everson is a leader in digital security and mobile technologies as the founder of MyMobiSafe, LLC. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday, December 2, 2009
JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market
JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market
Author: Eric Everson, Mobile Security Expert
Is your mobile phone really as safe as you think it is? The fact is that handset-level security remains as the greatest vulnerability throughout the global wireless industry. In an industry where service providers have invested heavily to protect their network investments, little is being done to secure wireless handsets. As apps are quickly becoming the driving force behind the future of the wireless industry, the risk handsets face to JavaMite attacks is growing exponentially and few of us are immune.
The world media is fairly consumed with legitimate concerns of the next “superbug”, especially considering the pandemic spread of H1N1 in recent months. These superbugs are frightening to us all because they can infect humanity as a whole and cannot be quarantined very effectively. What does a communicable superbug disease have to do with mobile security you may ask? The reality is everything! In the past year the mobile security industry has seen the debut of a unique threat that is a superbug in its own right: the JavaMite. This innocuous sounding JavaMite is in fact anything but innocuous and may quite simply become one of the most pernicious threats to the mobile industry as we know it.
What is a JavaMite? As defined in my whitepaper published by CBS Interactive this year, “In its most basic form, a JavaMite is any executable software or script written in (or with) the aid of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” While that definition may sound overly technical, the root concern of this mobile malware is that if implemented effectively it could infect upwards of 90% of the wireless handsets in use today. By nature JavaMites are mobile executables designed to attack Java-enabled handsets (which most of us use every day). The earliest JavaMite malware attacks on the public targeted mobile banking and the first widespread attack using JavaMites was carried out in Indonesia on February 7, 2009. In this specific attack, a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account.
As the demand is increasing for more Apps in the wireless community, the prevalence of JavaMite attacks is certain to grow in stride. As we download new Apps to our mobile handsets this opens the door to unbeknownst threats and since the majority of the mobile phones in service today are Java-enabled, this has created a unique opportunity for JavaMite developers (hackers) to take advantage of your limited handset-level security. As too few people opt to protect their handsets with a third-party mobile security solution, a perfect storm is brewing which could put the entire wireless industry at risk. As our service providers have invested millions of dollars to protect their own networks, little to nothing has been done to introduce security protocols at the handset-level to counter JavaMite attacks. At this point users of wireless handsets must elect to protect themselves because let’s face it, if your handset gets compromised this represents an opportunity for your cell phone company to profit by selling you a new phone. While the service providers stand to profit exponentially from the mobile malware superbug of JavaMites, it is you and I that will pay the price one way or another – pay to protect your handset via a third party mobile security product or pay for a new handset once yours (and your private data therein) have been attacked.
At MyMobiSafe, LLC we have started working directly with the mobile app developers that create new apps for both the iPhone and Google Android handsets in effort to create a more secure mobile environment for everyone. While it is not an industry cure all our efforts are sure to become a valuable vaccine of defense in an app-driven mobile future. If you have not added a security solution to your handset, use caution when downloading any new app. You might just be downloading more than you’re bargaining for.
Your expert in mobile security and innovative technologies,
Eric Everson – The MobileTech
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson, Mobile Security Expert
Is your mobile phone really as safe as you think it is? The fact is that handset-level security remains as the greatest vulnerability throughout the global wireless industry. In an industry where service providers have invested heavily to protect their network investments, little is being done to secure wireless handsets. As apps are quickly becoming the driving force behind the future of the wireless industry, the risk handsets face to JavaMite attacks is growing exponentially and few of us are immune.
The world media is fairly consumed with legitimate concerns of the next “superbug”, especially considering the pandemic spread of H1N1 in recent months. These superbugs are frightening to us all because they can infect humanity as a whole and cannot be quarantined very effectively. What does a communicable superbug disease have to do with mobile security you may ask? The reality is everything! In the past year the mobile security industry has seen the debut of a unique threat that is a superbug in its own right: the JavaMite. This innocuous sounding JavaMite is in fact anything but innocuous and may quite simply become one of the most pernicious threats to the mobile industry as we know it.
What is a JavaMite? As defined in my whitepaper published by CBS Interactive this year, “In its most basic form, a JavaMite is any executable software or script written in (or with) the aid of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” While that definition may sound overly technical, the root concern of this mobile malware is that if implemented effectively it could infect upwards of 90% of the wireless handsets in use today. By nature JavaMites are mobile executables designed to attack Java-enabled handsets (which most of us use every day). The earliest JavaMite malware attacks on the public targeted mobile banking and the first widespread attack using JavaMites was carried out in Indonesia on February 7, 2009. In this specific attack, a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account.
As the demand is increasing for more Apps in the wireless community, the prevalence of JavaMite attacks is certain to grow in stride. As we download new Apps to our mobile handsets this opens the door to unbeknownst threats and since the majority of the mobile phones in service today are Java-enabled, this has created a unique opportunity for JavaMite developers (hackers) to take advantage of your limited handset-level security. As too few people opt to protect their handsets with a third-party mobile security solution, a perfect storm is brewing which could put the entire wireless industry at risk. As our service providers have invested millions of dollars to protect their own networks, little to nothing has been done to introduce security protocols at the handset-level to counter JavaMite attacks. At this point users of wireless handsets must elect to protect themselves because let’s face it, if your handset gets compromised this represents an opportunity for your cell phone company to profit by selling you a new phone. While the service providers stand to profit exponentially from the mobile malware superbug of JavaMites, it is you and I that will pay the price one way or another – pay to protect your handset via a third party mobile security product or pay for a new handset once yours (and your private data therein) have been attacked.
At MyMobiSafe, LLC we have started working directly with the mobile app developers that create new apps for both the iPhone and Google Android handsets in effort to create a more secure mobile environment for everyone. While it is not an industry cure all our efforts are sure to become a valuable vaccine of defense in an app-driven mobile future. If you have not added a security solution to your handset, use caution when downloading any new app. You might just be downloading more than you’re bargaining for.
Your expert in mobile security and innovative technologies,
Eric Everson – The MobileTech
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Monday, November 16, 2009
App Wars: Can Google Compete with Apple’s App Store?
App Wars: Can Google Compete with Apple’s App Store?
Author: Eric Everson
Mobile Apps have become a vital element of the mobile experience. The iPhone is practically built on its abundance and accessibility to the ever-increasing number of apps, but the recent release of the Motorola Droid has many wondering if Google is going to flex its muscle against Apple’s App Store to propel the Google Android MOPS into the future.
Will Google introduce an app store that will rival the popular Apple App Store? Having spoke with many third-party mobile content developers, the development community is desperate for a rival marketplace to introduce their content. As some of the developers have suggested, the Apple App Store is already so crowded and puts such a tight pinch on profitability that developers are forced to compete by volume not quality.
As a mobile security expert, this obviously introduces many concerns regarding the security of the mobile apps that are hitting the market, but more importantly begs the question: How will Google respond? If you’ve been to Android.com lately you may have noticed the Android Market, a small-scale window into what could be the beginning of Google’s fight in the mobile app market. This site offers somewhere in the neighborhood of 35 different apps for the Android MOPS. The Android MOPS (Mobile Operating System) made its most recent debut on the Motorola Droid handset which hit Verizon Wireless stores on November 6, 2009.
The handset has been met with mixed reviews (especially from the iPhone naysayers) but in all honesty I’ve found it to be a cool little handset so far. Though a few key apps come pre-loaded on the Droid, you’ll instantly find yourself begging for Google to start fighting back against the Apple App Store. If Google can make their app store more attractive to third-party developers (i.e. more profitable for developers than the Apple App Store competitive market place) and easier to use, I have little doubt that the developers will follow. The reality of the market is that the Google Android MOPS is just on too few handsets at this point, but I believe that a firm investment in the availability of apps could turn this market in Google’s favor.
As more apps come available for the Android handsets, the market demand for Google’s Mobile Operating System is sure to climb too. Success in the mobile industry is increasingly being driven by accessibility to apps rather than any other handset feature. The reality is that Apple’s supremacy in this market to date is directly related to their visionary ability to improve the accessibility to new mobile content. In my opinion, if any company has an opportunity to engage in an App War with Apple, Google gets my vote! The question remains, “Can Google Compete with Apple’s App Store?” Let the App War begin!!!
Eric Everson,
Founder – MyMobiSafe.com
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com
Author: Eric Everson
Mobile Apps have become a vital element of the mobile experience. The iPhone is practically built on its abundance and accessibility to the ever-increasing number of apps, but the recent release of the Motorola Droid has many wondering if Google is going to flex its muscle against Apple’s App Store to propel the Google Android MOPS into the future.
Will Google introduce an app store that will rival the popular Apple App Store? Having spoke with many third-party mobile content developers, the development community is desperate for a rival marketplace to introduce their content. As some of the developers have suggested, the Apple App Store is already so crowded and puts such a tight pinch on profitability that developers are forced to compete by volume not quality.
As a mobile security expert, this obviously introduces many concerns regarding the security of the mobile apps that are hitting the market, but more importantly begs the question: How will Google respond? If you’ve been to Android.com lately you may have noticed the Android Market, a small-scale window into what could be the beginning of Google’s fight in the mobile app market. This site offers somewhere in the neighborhood of 35 different apps for the Android MOPS. The Android MOPS (Mobile Operating System) made its most recent debut on the Motorola Droid handset which hit Verizon Wireless stores on November 6, 2009.
The handset has been met with mixed reviews (especially from the iPhone naysayers) but in all honesty I’ve found it to be a cool little handset so far. Though a few key apps come pre-loaded on the Droid, you’ll instantly find yourself begging for Google to start fighting back against the Apple App Store. If Google can make their app store more attractive to third-party developers (i.e. more profitable for developers than the Apple App Store competitive market place) and easier to use, I have little doubt that the developers will follow. The reality of the market is that the Google Android MOPS is just on too few handsets at this point, but I believe that a firm investment in the availability of apps could turn this market in Google’s favor.
As more apps come available for the Android handsets, the market demand for Google’s Mobile Operating System is sure to climb too. Success in the mobile industry is increasingly being driven by accessibility to apps rather than any other handset feature. The reality is that Apple’s supremacy in this market to date is directly related to their visionary ability to improve the accessibility to new mobile content. In my opinion, if any company has an opportunity to engage in an App War with Apple, Google gets my vote! The question remains, “Can Google Compete with Apple’s App Store?” Let the App War begin!!!
Eric Everson,
Founder – MyMobiSafe.com
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com
Friday, November 6, 2009
Motorola Droid Drops Today: Happy Droid Day America!
Motorola Droid Drops Today: Happy Droid Day America!
Author: Eric Everson, Mobile Security Expert
If you’re wondering what all of the buzz is about with words like Droid and Android 2.0 circling about, you might think for a moment that there is a new George Lucas film that hit theaters. To the contrary, Motorola’s much anticipated Droid handset hits Verizon Wireless stores today in America. This is a hallmark handset that comes equipped with Google’s Android 2.0 MOPS (Mobile Operating System) and offers what some believe to be Verizon’s answer to the iPhone.
As the official Droid release email from Verizon promotes, “The phone that makes you feel like a four star general with natural charisma, twelve arms and the power of mind control is here and is ready to serve.” Okay so, they might be overselling it a little bit, but this Droid handset certainly pushes the competitive landscape forward within the mobile industry. Having taken some time to tinker with the handset, the quality that stands out the most in comparison to the iPhone is its ability to handle apps (applications). If you’re used to the lag of opening apps on your iPhone, the Droid will feel like a supersonic blast of Star Wars-like hyper-drive in your palm!
Also notable is the 5MP (mega pixel) camera feature which pushes the idea of the camera phone into new territory. While it might not compare to the rumored 12MP Nokia camera phone that is secretly said to be in development, you’ll certainly notice a difference in picture quality compared to the 3.2MP camera of the iPhone. The Droid has the look and also pushes handset design forward with such features as a touchscreen plus QWERTY slider keyboard to the next level. The Droid also comes out of the box with built-in access to Amazon’s MP3 store.
Compared to the thriving Apple App Store and iTunes platform, the novelty of an Android App Store seemingly falls flat, but in all fairness the Android community is still very young. As third-party mobile content developers continue to see opportunities to embrace this new market, they will likewise be motivated to develop more apps. I see a great opportunity here for Google to flex its creative muscle to answer the competitive advantage that the iPhone already has in place.
As your resident mobile security expert, I would be amiss not to acknowledge the undertone of growing security concerns regarding the Android 2.0 MOPS. Are there mobile security vulnerabilities to come? Of course, but as I’ve noted in the past, nobody in the MOPS industry addresses vulnerabilities as well as the Google team. As we uncover new vulnerabilities throughout the MOPS landscape, the Google team is consistently the fastest and most efficient to respond.
If you’re in the market for a new handset or you’re one of many Verizon customers that has been waiting patiently for a smartphone of this caliber to come along, I say to you Happy Droid Day! May the force be with you!
-Eric Everson “The MobileTech”
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com
Author: Eric Everson, Mobile Security Expert
If you’re wondering what all of the buzz is about with words like Droid and Android 2.0 circling about, you might think for a moment that there is a new George Lucas film that hit theaters. To the contrary, Motorola’s much anticipated Droid handset hits Verizon Wireless stores today in America. This is a hallmark handset that comes equipped with Google’s Android 2.0 MOPS (Mobile Operating System) and offers what some believe to be Verizon’s answer to the iPhone.
As the official Droid release email from Verizon promotes, “The phone that makes you feel like a four star general with natural charisma, twelve arms and the power of mind control is here and is ready to serve.” Okay so, they might be overselling it a little bit, but this Droid handset certainly pushes the competitive landscape forward within the mobile industry. Having taken some time to tinker with the handset, the quality that stands out the most in comparison to the iPhone is its ability to handle apps (applications). If you’re used to the lag of opening apps on your iPhone, the Droid will feel like a supersonic blast of Star Wars-like hyper-drive in your palm!
Also notable is the 5MP (mega pixel) camera feature which pushes the idea of the camera phone into new territory. While it might not compare to the rumored 12MP Nokia camera phone that is secretly said to be in development, you’ll certainly notice a difference in picture quality compared to the 3.2MP camera of the iPhone. The Droid has the look and also pushes handset design forward with such features as a touchscreen plus QWERTY slider keyboard to the next level. The Droid also comes out of the box with built-in access to Amazon’s MP3 store.
Compared to the thriving Apple App Store and iTunes platform, the novelty of an Android App Store seemingly falls flat, but in all fairness the Android community is still very young. As third-party mobile content developers continue to see opportunities to embrace this new market, they will likewise be motivated to develop more apps. I see a great opportunity here for Google to flex its creative muscle to answer the competitive advantage that the iPhone already has in place.
As your resident mobile security expert, I would be amiss not to acknowledge the undertone of growing security concerns regarding the Android 2.0 MOPS. Are there mobile security vulnerabilities to come? Of course, but as I’ve noted in the past, nobody in the MOPS industry addresses vulnerabilities as well as the Google team. As we uncover new vulnerabilities throughout the MOPS landscape, the Google team is consistently the fastest and most efficient to respond.
If you’re in the market for a new handset or you’re one of many Verizon customers that has been waiting patiently for a smartphone of this caliber to come along, I say to you Happy Droid Day! May the force be with you!
-Eric Everson “The MobileTech”
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com
Monday, November 2, 2009
Mobile Security: The New Face of Digital Terrorism
Author: Eric Everson
Hackers have been on the leading edge of digital terrorism for at least ten years now which has put cybersecurity into the national spotlight under the Obama Administration. Issues such as denial-of-service (DoS) attacks, attacks on government contractors, and the recently reported breach of defense contractor computers that let hackers get information on the Joint Strike Fighter, suggest that hacking has become commonplace in the computing industry, but is there a greater threat looming?
Looking at the digital security environment, there is one digital front that remains largely untouched by existing cybersecurity policy: mobile security and the great wireless vulnerability. The world has become completely dependent on mobile communication devices from basic cell phones to advanced smartphones. Throughout the world the use of mobile communications continues to rise and new frontiers of mobile commerce (i.e. mobile banking/payments) are finding their way into less developed markets. The reality is that cell phones are everywhere we look, but the issue is that handset-level security remains our greatest digital security vulnerability.
Why would a terrorist want to write code for your cell phone? A simple question, yet one that offers a frightening glimpse into our global issue of mobile security. In mobile communications the wireless industry operates in a network-secure environment and leaves handset-level security up to the mobile user. This has fostered an environment where the wireless network-level itself has safeguards in place, but the majority of mobile devices remain open to attack. The reality of digital terrorism in the mobile environment is that through the use of readily available Mobile Operating System (MOPS) Software Development Kits (SDKs) entire wireless markets could be systematically infected and ultimately shutdown in a DoS type of attack at the handset-level.
We’ve already seen mobile viruses that are capable of replicating themselves by auto-disseminating through your contact list. We’ve already seen the large-scale implications of JavaMite mobile viruses capable of attacking the Java-enabled plane of entry (globally nearly 80% of mobile handsets in operation today are Java-enabled). With mobile threats on the rise and an increasing arsenal of mobile hacker tools becoming readily available, the new face of digital terrorism is mobile in nature. Imagine the ability to cut off mobile communications to an entire city, country, or even continent and this is the raw power of digital terrorism that we face. Sure, the network-level has its safeguards, but what is protecting phones at the handset-level? This is something that handset manufacturers are fighting through their own unique methods but an issue that is becoming of increasing concern for mobile users… and government officials.
Remember the whole spy-proof smartphone debacle surrounding President Obama’s love of his BlackBerry? The reality is that data mining is easily accomplished via mobile handsets through any number of mobile keyloggers that are available on the open market. Whether reading someone’s messages or looking for more specific data, the technologies to access this proprietary data can be easily adopted by anyone with basic software skills. There are so many issues from data high-jacking to mass DoS attacks that are pushing their way into the mainstream realm of the digital security environment. The growth of mobile banking and the global reliance on mobile handsets is attracting hackers to this newest theater of mobile vulnerability.
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com
Ref: Wired.com
Tuesday, October 27, 2009
3-Way Mobile Security… What is Original1?
3-Way Mobile Security… What is Original1?
Today, SAP, Nokia and Giesecke & Devrient (G&D) today have announced plans to form a new company, named "Original1," to deliver unique product authentication and anti-counterfeiting services across the globe. Though this venture has been grabbing some headlines, what does it really mean for mobile security?
According to the press release on the matter, “Original1's services will rely on SAP technology and solutions, while Nokia will deliver mobile authentication software to allow businesses to follow a branded product's entire life cycle, from a factory to the end customer, using mobile devices. G&D's contribution to Original1 will consist of security solutions for the entire value chain.” While the 3-way joint venture is pending regulatory approvals, the company expects to be operational before the end of the year. While this venture may/may not directly offer services to individual subscribers at the handset level, the intentions of this venture reflect the indirect opportunity to improve the user environment for wireless users.
At first glance this venture seems to be aimed primarily at introducing new solutions to improve brand protection services, but perhaps as the company moves forward we’ll all see subtle improvements in aspects of mobile commerce and mobile authentication. The battle for security in wireless has been going on for many years now and it’s finally beginning to get the respect it deserves. Considering that services such as mobile banking are increasingly being adopted, the reality is that mobile hacking tools are becoming more readily available too. Today there are multiple websites with dedicated mobile hacker software, which is a niche software market set for rapid expansion.
As the old quote attributed to Willie Sutton goes, “I rob banks because that's where the money is.” The reality is that money is digital and digital money is quickly making its way into the mobile environment. With an abundance of mobile hacker tools coming available, it already takes far less technology sophistication to hack into cell phones than it did just two years ago. Security is a veil for most people but remains a digital puzzle for those behind the hack. To see a company like Nokia involved in this 3-way joint venture speaks volumes to the opportunity for security-driven technologies to debut on future Nokia platforms.
Eric Everson – The MobileTech
Ref:
http://online.wsj.com/article/BT-CO-20091027-704578.html
Today, SAP, Nokia and Giesecke & Devrient (G&D) today have announced plans to form a new company, named "Original1," to deliver unique product authentication and anti-counterfeiting services across the globe. Though this venture has been grabbing some headlines, what does it really mean for mobile security?
According to the press release on the matter, “Original1's services will rely on SAP technology and solutions, while Nokia will deliver mobile authentication software to allow businesses to follow a branded product's entire life cycle, from a factory to the end customer, using mobile devices. G&D's contribution to Original1 will consist of security solutions for the entire value chain.” While the 3-way joint venture is pending regulatory approvals, the company expects to be operational before the end of the year. While this venture may/may not directly offer services to individual subscribers at the handset level, the intentions of this venture reflect the indirect opportunity to improve the user environment for wireless users.
At first glance this venture seems to be aimed primarily at introducing new solutions to improve brand protection services, but perhaps as the company moves forward we’ll all see subtle improvements in aspects of mobile commerce and mobile authentication. The battle for security in wireless has been going on for many years now and it’s finally beginning to get the respect it deserves. Considering that services such as mobile banking are increasingly being adopted, the reality is that mobile hacking tools are becoming more readily available too. Today there are multiple websites with dedicated mobile hacker software, which is a niche software market set for rapid expansion.
As the old quote attributed to Willie Sutton goes, “I rob banks because that's where the money is.” The reality is that money is digital and digital money is quickly making its way into the mobile environment. With an abundance of mobile hacker tools coming available, it already takes far less technology sophistication to hack into cell phones than it did just two years ago. Security is a veil for most people but remains a digital puzzle for those behind the hack. To see a company like Nokia involved in this 3-way joint venture speaks volumes to the opportunity for security-driven technologies to debut on future Nokia platforms.
Eric Everson – The MobileTech
Ref:
http://online.wsj.com/article/BT-CO-20091027-704578.html
Thursday, October 15, 2009
Mobile Security Talk: Google’s Android a Smart Move for Dell Smartphone!
Mobile Security Talk: Google’s Android a Smart Move for Dell Smartphone!
Author: Eric Everson, Founder MyMobiSafe.com
I am known for my tough love on MOPS (Mobile Operating System) developers when it comes to the security of their platforms, but in all honesty Google’s Android Team is proving to be among the best in the business for addressing the vulnerabilities that we uncover.
In a bold move last week, Dell announced regarding their future mobile phone development that they will depart from their historically turbulent relationship with Microsoft and have opted to develop their smartphone platform with Google’s Android MOPS. While this does not directly suggest anything about the security of the Windows Mobile MOPS, it does further solidify the fact that Google is successfully positioning Android as a major force to be reckoned with.
Author: Eric Everson, Founder MyMobiSafe.com
I am known for my tough love on MOPS (Mobile Operating System) developers when it comes to the security of their platforms, but in all honesty Google’s Android Team is proving to be among the best in the business for addressing the vulnerabilities that we uncover.
In a bold move last week, Dell announced regarding their future mobile phone development that they will depart from their historically turbulent relationship with Microsoft and have opted to develop their smartphone platform with Google’s Android MOPS. While this does not directly suggest anything about the security of the Windows Mobile MOPS, it does further solidify the fact that Google is successfully positioning Android as a major force to be reckoned with.
Just yesterday, Google debuted their latest security patch for Android which resolved some inherently pressing SMS vulnerabilities. Prior to the patch, certain malicious SMS messages were capable of disconnecting an Android mobile phone from its mobile network. Additionally this patch resolved the threat to within Android's Dalvik API from a malicious DoS (Denial of Service) threat which specifically targeted Android users. This particular mobile malware would trigger the vulnerable API function and could restart the system process. While annoying for users, this particular mobile malware platform had not evolved to the point where personal data was put at risk on the handset.
With this latest patch in place, Google continues to prove that when issues are identified they take charge to resolve the issue before users are affected at large. This instant response to mobile threats certainly sets the stage for Dell loyal customers to expand their technology suite via the “Dell Phone” as mobile security issues are of less concern. Naturally as the Android MOPS continues to grow in popularity it will continue to be a target of mobile hackers, but as they successfully prove time after time, the Google software engineers put mobile security issues at the forefront of their priorities.
As a leading voice in mobile security, it would be hard not to recognize the world-class support that Google has put behind Android. This is a value added opportunity that Dell can certainly build on as they enter the wireless industry next year. I am looking forward to the arrival of the Dell Phone as I see a significant opportunity for a company like Dell to integrate computing technologies within the wireless environment. Android offers an incredible platform which embraces third-party development (i.e. ensures an abundance of quality apps) and also offers security support like nobody else in the business. Should Microsoft have concern for Google displacing them in the future? One thing is certain as mobile technologies are the future of computing, this is an area where Microsoft has certainly struggled.
Eric Everson is a leading mobile security expert and has emerged as an authority on mobile security strategy and innovative wireless technologies. To contact Eric for interviews, consulting, research, or otherwise email him directly at EricEverson@Hotmail.com
Thursday, October 8, 2009
Dell goes Android…Another Mobile Setback for Microsoft?
Dell goes Android…Another Mobile Setback for Microsoft?
Author: Eric Everson
The king of the computer-based Operating System market has struggled to acquire the same level of success and scalability within the wireless industry. For years Windows Mobile has taken a back seat to other Mobile Operating Systems (MOPS) and most recently the introduction of Google’s Android marks a serious threat to Microsoft’s future in this segment.
Windows Mobile admittedly is not a bad environment, but at the edge of innovation, Android likewise ups the ante. One of the key attractions to Andriod from a developer’s perspective is that accessibility and control granted via the Android SDK. While some content can be developed in Microsoft’s free Windows Mobile SDK, there is much more creative control via the Android SDK.
For mobile users greater SDK flexibility translates to a greater variety of available third party content, something that the iPhone has brought to a whole new level. As Dell is tapping deeper into the mobile industry they’ve recently announced that they’ll be bringing an Android-based handset to market next year. While many loyal Dell users are anxiously anticipating the arrival of the Dell phone to complement their technology suite, this news creates a serious ripple in the mobile waters for Microsoft. The issues between Dell and Microsoft have seemed escalated since the disastrous debut of Vista, so it’s not a huge surprise that Dell is looking for a new avenue to embrace their mobile debut.
I’ve said it before and I’ll say it again, Microsoft needs to seriously start pulling in some fresh blood or this is sure to be another nail in its wireless coffin.
Your innovative tech insider!
Eric Everson – The MobileTech
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson
The king of the computer-based Operating System market has struggled to acquire the same level of success and scalability within the wireless industry. For years Windows Mobile has taken a back seat to other Mobile Operating Systems (MOPS) and most recently the introduction of Google’s Android marks a serious threat to Microsoft’s future in this segment.
Windows Mobile admittedly is not a bad environment, but at the edge of innovation, Android likewise ups the ante. One of the key attractions to Andriod from a developer’s perspective is that accessibility and control granted via the Android SDK. While some content can be developed in Microsoft’s free Windows Mobile SDK, there is much more creative control via the Android SDK.
For mobile users greater SDK flexibility translates to a greater variety of available third party content, something that the iPhone has brought to a whole new level. As Dell is tapping deeper into the mobile industry they’ve recently announced that they’ll be bringing an Android-based handset to market next year. While many loyal Dell users are anxiously anticipating the arrival of the Dell phone to complement their technology suite, this news creates a serious ripple in the mobile waters for Microsoft. The issues between Dell and Microsoft have seemed escalated since the disastrous debut of Vista, so it’s not a huge surprise that Dell is looking for a new avenue to embrace their mobile debut.
I’ve said it before and I’ll say it again, Microsoft needs to seriously start pulling in some fresh blood or this is sure to be another nail in its wireless coffin.
Your innovative tech insider!
Eric Everson – The MobileTech
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Tuesday, September 29, 2009
Verizon Wireless: Handset-level Mobile Security?
Verizon Wireless: Handset-level Mobile Security?
Author: Eric Everson, Founder MyMobiSafe, LLC
In reading a recent press release from Verizon Wireless, something very interesting caught my eye, “Mobile Application Security - Set of professional services designed to help enterprises deliver mobile applications securely by maintaining consistent levels of protection and compliance for both traditional and mobile applications.”(Verizon; 2009) Digging deeper into this offering I found that the Mobile Security plan will enforce access codes, establish policies by which devices that are stolen or lost can be locked by the administrator and cleansed of data; encrypt devices and data cards; and deliver firewall and antivirus applications. (Managing Automation; 2009)
Perhaps it’s because I live mobile security all day, every day, but I think in their attempt to extend their professional services business, Verizon Wireless may have just walked into a hornet nest. The question is, how many times will they have to get stung before they realize the enormity of this unique industry?
I’m all for Verizon Wireless expanding their professional services business because as they’ve finally formally recognized the definite need for such services in the marketplace. Traditionally wireless providers have taken a network-level security approach to mobile security (i.e. digital security safeguards at the network-level so that they can promote their “mobile security”). In essence if your handset became infected, it only meant that you had to buy a new one which contributes to the profitability of the provider. This move into the handset-level marks an unprecedented move into the mobile security market by a wireless service provider.
Naturally, seeing a company like Verizon Wireless entering the mobile security business justifies everything that we’ve been working toward at MyMobiSafe.com for the past five years with regard to recognizing the handset-level vulnerabilities that every wireless user faces.
It will be interesting to see how Verizon Wireless embraces their new mobile security market and to see what new developments they’re able to bring to the market. I’m sure in a move like this Verizon Wireless has the financial means to develop an impressive mobile security lab and security suite, but clearly significant resources (financial, personnel, PP&E, etc) will be required to embrace this market successfully.
Verizon Wireless entering the mobile security market now is an indication that the value of handset-level security has become a mainstream issue. This announcement marks a significant move into a highly specialized market wherein Verizon Wireless must emerge successful; a failure in this market at their level could be catastrophic for everyone on the Verizon Wireless network.
Welcome to my world Verizon Wireless!
Eric Everson - The MobileTech
Refs:
http://newscenter.verizon.com/press-releases/verizon/2009/supporting-a-mobile-workforce.html
http://www.managingautomation.com/maonline/news/read/Verizon_Unwraps_New_Services_to_Manage_Mobility_33027?page=1
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Author: Eric Everson, Founder MyMobiSafe, LLC
In reading a recent press release from Verizon Wireless, something very interesting caught my eye, “Mobile Application Security - Set of professional services designed to help enterprises deliver mobile applications securely by maintaining consistent levels of protection and compliance for both traditional and mobile applications.”(Verizon; 2009) Digging deeper into this offering I found that the Mobile Security plan will enforce access codes, establish policies by which devices that are stolen or lost can be locked by the administrator and cleansed of data; encrypt devices and data cards; and deliver firewall and antivirus applications. (Managing Automation; 2009)
Perhaps it’s because I live mobile security all day, every day, but I think in their attempt to extend their professional services business, Verizon Wireless may have just walked into a hornet nest. The question is, how many times will they have to get stung before they realize the enormity of this unique industry?
I’m all for Verizon Wireless expanding their professional services business because as they’ve finally formally recognized the definite need for such services in the marketplace. Traditionally wireless providers have taken a network-level security approach to mobile security (i.e. digital security safeguards at the network-level so that they can promote their “mobile security”). In essence if your handset became infected, it only meant that you had to buy a new one which contributes to the profitability of the provider. This move into the handset-level marks an unprecedented move into the mobile security market by a wireless service provider.
Naturally, seeing a company like Verizon Wireless entering the mobile security business justifies everything that we’ve been working toward at MyMobiSafe.com for the past five years with regard to recognizing the handset-level vulnerabilities that every wireless user faces.
It will be interesting to see how Verizon Wireless embraces their new mobile security market and to see what new developments they’re able to bring to the market. I’m sure in a move like this Verizon Wireless has the financial means to develop an impressive mobile security lab and security suite, but clearly significant resources (financial, personnel, PP&E, etc) will be required to embrace this market successfully.
Verizon Wireless entering the mobile security market now is an indication that the value of handset-level security has become a mainstream issue. This announcement marks a significant move into a highly specialized market wherein Verizon Wireless must emerge successful; a failure in this market at their level could be catastrophic for everyone on the Verizon Wireless network.
Welcome to my world Verizon Wireless!
Eric Everson - The MobileTech
Refs:
http://newscenter.verizon.com/press-releases/verizon/2009/supporting-a-mobile-workforce.html
http://www.managingautomation.com/maonline/news/read/Verizon_Unwraps_New_Services_to_Manage_Mobility_33027?page=1
Eric Everson is a leading mobile technologies researcher and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for interview or with research related inquiries contact him directly at EricEverson@Hotmail.com.
Thursday, March 19, 2009
JavaMites: The Emerging Universal Mobile Threat
If you have been following my entries at ZDNet.co.uk, then you know that I have been very busy lately with all of this JavaMite malware. If you’ve not been to the ZDNet blog I host lately then, you still need to be aware of this latest development in mobile malware.
As defined in my whitepaper on the topic: “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a form of mobile malware that has been in development for sometime, but until February 2009 had not been fully executed.
On February 7, 2009 a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account. This attack targeted handsets without third party mobile security solutions and was made public very quickly upon debut.
At face value this may seem like another harmless attack, but from the perspective of technical sophistication this form of mobile malware is a major development. This form of mobile malware has the technical capacity to infect mobile devices by the masses and so far the authors have demonstrated a preference of targeting the mobile banking sector. To learn more about JavaMites and your risk as a mobile user, please visit my ZDNet blog @ http://community.zdnet.co.uk/blog/0,1000000567,2000440756b,00.htm and read my whitepaper: JavaMites: The Emerging Universal Mobile Threat. Your guru in mobile security… Eric Everson – Founder, MyMobiSafe.com
As defined in my whitepaper on the topic: “a JavaMite is any executable software or script written in (or with) the aide of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” This is a form of mobile malware that has been in development for sometime, but until February 2009 had not been fully executed.
On February 7, 2009 a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the users mobile banking account to the hackers account. This attack targeted handsets without third party mobile security solutions and was made public very quickly upon debut.
At face value this may seem like another harmless attack, but from the perspective of technical sophistication this form of mobile malware is a major development. This form of mobile malware has the technical capacity to infect mobile devices by the masses and so far the authors have demonstrated a preference of targeting the mobile banking sector. To learn more about JavaMites and your risk as a mobile user, please visit my ZDNet blog @ http://community.zdnet.co.uk/blog/0,1000000567,2000440756b,00.htm and read my whitepaper: JavaMites: The Emerging Universal Mobile Threat. Your guru in mobile security… Eric Everson – Founder, MyMobiSafe.com
Subscribe to:
Posts (Atom)
