As mobile phones become increasingly widespread and technically sophisticated, so are have their vulnerabilities or flaws (Noritaka, 2006, p. 12). The mobile phone market has peaked all over the world and has emerged a highly competitive and globalized mobile phone market. In the United States, mobile phone usage has nearly doubled from 123 million to 213 million users in the period from 2001 to 2005. Source: OECD Communications Outlook, 2007 To face the upcoming challenges of the said market, the mobile phone companies have concentrated on providing substantially advanced functions for their consumers.
The development of wireless broadband functionality has increased mobile phone options. Overall, these developments are not surprising, since these developments are part of maintaining competitiveness and features among mobile phone companies-like any other product in the technological market. Customers are given the kind of potential for productivity and profitability for their business needs via speed and efficiency. Furthermore, users are being provided with many new services on their mobile phones, all of which operate on a variety of software applications.
As these phones become more sophisticated, users now experience a diminishing gap between the ‘mobile phone experience’ versus the use of personal computers, the latter being formerly the exclusive platform for such services and applications. However, these new services and applications also hold great potential for vulnerabilities. As such, security issues abound both at the personal and the enterprise levels. For instance, because users are able to store different types of information in their mobile phones, situations of mobile phone theft carry greater losses than they used to.
In the past, the loss of a mobile phone merely meant a temporary loss of the ability to do business as well as contact information. Today, loss of personal and financial information in the form of electronic currencies, digital tickets and other important phone-stored information is also taken into account. In spite of these, the dependency towards mobile phones continues to increase its use has become more difficult to ignore or reject-especially for those actively involved in business affairs.
In this situation, the continuous development of mobile phone capabilities should come with a concurrent increase in safety and security features to minimize the chances of data loss, information leak and also the compromise of company security through the sudden third-party access of company databases through said mobile phone loss. Despite all this, it appears that not all are taking the issue of security and mobile phone loss very seriously, based on the findings from a 2007 UK-based survey of companies reliant on the use of mobile phone devices for business.
The study revealed that the size of an organisation and the number of mobile phone devices deployed among its employees was directly proportionate to the development of mobile-security policies. (Everett, 2007) This paper is aimed at understanding the core issues associated with mobile phone security. The paper reviews how technological advancements in the field of wireless communication are not merely adding as business innovation, but may pose security risks as well. Moreover the paper also highlights the common threats faced by the individuals and enterprises resulting from flaws within mobile software.
The present and future vulnerabilities of the mobile software are also discussed in the paper. Security Flaws and Potential Threats In Mobile Phone Advancements Software is now considered as one of the standard features of current and future mobile phones because users appreciate the convenience and facilities they offer, and find that they approximate the experience they have with their computers. However, they are also considerably concerned with the insecurities brought about by their software. As the popularity and demand for mobile software goes up, it has become an increasingly ever present aspect of mobile phone use.
As such, they have drawn increasing attention from hackers to identify their security flaws and take advantage of them (Gray, 2003, p. 1). Users are drawn to the promise of convenience yet may remain unaware of the potential security risks. For example, it has been observed that there are risks with the Blackberry wireless protocol: A hacker can take advantage of the trust relationship between a BlackBerry client and the internet server of an organization. By high jacking the connection, the organization can face problems in the form of the compromise of secured data.
(Hickey, 2006, p. 2) Common issues faced with the mobile phones that are a result of hacking include identity theft, loss of personal information, virus infections and harassment. Viruses or worms have already been proven to be a serious problem for the entire computer industry and now the mobile phone industry is facing the same problem. Among an aggregate number of mobile phone users from Britain, Japan and the United States, a poll by security specialist McAfee found that only 2. 1 percent of 2,000 mobile users had had a virus in their phone, while 86.
3 percent said they never heard of someone with a mobile phone virus. Regardless, 72 percent remained concerned with the security of their phone, the greatest concentration of which came from Japan where the phone market is highly developed. (AFP, 2008) It is from this that the software security industry has evolved to cover the mobile market in an attempt to address the need to protect mobile software from such viruses. Vulnerability Issues with New Mobile Phone Models The increased functionality of mobile phones has also led to software complexity to increase at an exponential rate.
Such complexity makes it difficult to predict what potential security concerns may arise in software development. Consider for example, the vulnerability associated with the Nokia 6210 GSM. “@stake”, a US-based security company released an advisory regarding this, nothing that the 6210 users could receive a harmful vCard, a type of electronic business card, maliciously designed to cause the phone to freeze (Gray, 2003, p. 1). Because the mobile user can reboot his unit to address this problem, this particular threat is not very serious in nature, though it is still a huge inconvenience, especially for the consumer.
Authoritative experts on wireless communications believe that these problems are difficult to abate, due to their relationship to the increasingly elaborate nature of software (Gray, 2003, p. 1). Mobile Phones – Future Vulnerabilities Due to the emergent rise of mobile commerce, issues of identity theft may become a greater concern. Developments in mobile phone functionality have culminated in making unit ownership equivalent to user identity. As such, future vulnerabilities may affect users not just on the enterprise level, but on the personal level as well.
Future models feature mobile chips that contain substantially more user data, such as personal information, credit card numbers and transactional records. This is to be expected, as the future of mobile commerce is reliant on storing significant personal data on mobile units in order to facilitate purchase and payments. As such, the opportunity is present for hackers to exploit this: by obtaining such information through the software vulnerabilities, they may be able to cause significant financial harassment of personal damage on the user.
On an enterprise level, such vulnerabilities may give rise to problematic encounters of fraudulent service charges and bills. In this manner, they are an attractive target for hackers. As such, mobile users can experience much inconvenience, as even a request to investigate fraudulent charges will cost them time and money. The relationship between the consumer and the company becomes affected by the compromised service, due to the now degraded sense of safety within the service. By extension, the company may also experience negative publicity that will reduce their revenue from units sold and calls made.
While the question of whether software improvements necessitate such rapid developments is rather arguable, what makes matters more problematic is the unfailing ease and willingness for consumers to embrace new and untested improvements to their mobile phones without being fully aware of the possible threats they may encounter. This is a particularly advantageous situation for the hackers, who have proven their ability to hack all varieties of mobile software and as such, the question of mobile security burdens a greater amount of responsibility on the shoulders of software developers and mobile phone manufacturers.
Security is not foolproof, but the increasing threat does make it a greater concern in terms of sustaining the industry’s future as a commercial enterprise. Some experts consider the BlackBerry not very secure because of the aforementioned problems— with the trust settings between the client and corporate networks, and how it creates the potential for information misuse and control of e-mail systems.
The cost of such a security compromise cannot be understated: there is a possibility of a loss of reputation on the company’s part, a potentially undermined transaction, the malicious attempt to foster miscommunication between companies and the exploitation of confidential information stored within the corporate database and/or deliberate attempts to alter such data. Having noticed such potentially damaging scenarios, mobile phone companies have attempted to address these in several ways.
In the case of the BlackBerry situation, CEO George Tuvell and President Neil Book of mobile security consultants SMobile Systems have provided an engine application to allow users to monitor malware and/or illegitimate mobile connections without compromising end user access and functionality. (Hickey, 2006, p. 1) A certain number of skeptics in the wireless communications field who noted that the mobile industry may be facing a possible future in which software viruses have become an epidemic transmitted internationally across global networks.
The ubiquity of certain software is also a cause for concern. Many critics of standardized software have observed that a homogeneity of software protocols only ensures that hackers will be able to systematically exploit a great number of devices with one hack (hence the concentrated number of assaults on the popular Microsoft Windows operating system). When one software standard dominates, it is easier for the hacker to affect a greater number of users, as it is no longer necessary to determine individual vulnerabilities among software on a platform to platform basis.
In the case of Symbian, they developed an operating system that at its peak was used in almost 70% of the smart phones available in the market. The Symbian OS was developed as an open operating system for use on many of the popular mobile brands such as Nokia, Siemens and Panasonic. Its open nature makes it free for technically inclined users to intimate its inner workings. However, it was also insecure and prone to attack from such techniques as MMS Trojan and SMS dialing Trojan.