With increasingly open mobile operator networks, the rise in mobile content and applications, and the influx of smartphones, the world is seeing a revolution in mobile adoption. Perhaps nowhere else are the potentials and pitfalls of this technology being seen more clearly than in the emerging markets of the Middle East. The threats and dangers to mobile consumers and business are cause for concern but the actions being taken by forward-looking mobile operators point to a mobile security model that the rest of the world should follow. Gareth Maclachlan, Chief Operating Officer, AdaptiveMobile, outlines ways of combating the threats.
From mobile viruses to malware to mobile spam, the Middle East mobile community has been hit harder than other world regions. The statistics are alarming:
-
from 2007 to the first half of 2008, there has been a 1,000% increase in mobile viruses in the region;
-
currently, the average Middle Eastern operator cleans in excess of 100,000 viruses off its network daily;
-
up to 14% of all MMS in the Middle East is virus-infected; and
-
5-6% of all SMS traffic is spam.
These threats emerge in a variety of ways. In one well-publicised example that occurred in September 2007, mobile consumers in a number of Middle East countries were inundated with Ramadan-related SMS. Some of these consumers who clicked on the SMS link were charged a fee, an average of US$1.60 each. For those who did not receive a charge, the messages were a nuisance at the very least. Other consumers have seen their phones “hijacked” and used to send premium rate SMS communications, which are not detected until the bill arrives or they find their prepay balance has unexpectedly disappeared. Still others have had their identities stolen through SMS Phishing and other scams that target data stored on the mobile device.
The threat landscape for the Middle East is in reality a showcase for what the rest of the world will experience given the rise of mobile as an essential communications and business tool. What we are seeing in the Middle East is occurring in lesser degrees in other parts of the world but increases in these threat-levels are expected given projected adoption rates globally. The mobile environment is at a point similar to the emergence of the Internet in the mid-90s. Actions taken now by both mobile operators and consumers will determine how quickly mobile realises its potential.
From a consumer and enterprise model, the most obvious means to threat prevention would be to adopt the model used to secure PCs. The reality is that mobile is a vastly different environment in which the methods used by PC security firms to detect and stop threats – namely honeypots to attract threats and threat signatures in databases – are not viable in the mobile environment. These methods would cost too much to establish and maintain for mobile. This model would also place the updating and maintenance of the security application in the hands of the consumer/enterprise. This is another method that is better suited to the PC environment that to mobile. The security providers can use the PC connections to provide updates and the software does not have an adverse affect on the device functionality. For a mobile device, in contrast, updates are dependant on the consumer or enterprise user, can be costly to download and the security application can drain the battery life of the device. Because of this potential to slow device speed, many users who opt for handset controls postpone making updates, rendering the security software effectively useless.
The best course of protection lies within the mobile operator’s network. Only the mobile operator has the ability to scan the volume of communications over its network at a granular level to detect threats. The mobile operator can filter out infected handsets and stop their communications, curtailing the spread of threats and protecting the customer’s wallet. By putting security at the forefront of the consumer experience, the mobile operator will create an environment in which the innovation and potential of the medium can be realised. The best methods for mobile protection arrive from direct mobile operator contact with consumers or anticipation of consumer needs. The Middle East has seen a protection model emerge that has not had regulatory requirements to slow it down and offers consumers and corporates alike the choice of security and individual screening services. Similar to the state of the early days of the Internet, this freedom of evolution is necessary and should be at the forefront of any security initiative. Only then will we see a threat protection model that can be applied universally.
* Prior to founding AdaptiveMobile in 2003, Gareth Maclachlan was Wireless Investment Director at global VC firm ETF Group, and Principal Consultant at PWC, responsible for the UK e-business practice. He also led projects with the UK Home Office, National Criminal Intelligence Service, Interpol and other UK and European security bodies to assess and respond to the emerging national threats from the Internet.More info:
