Mobile phone users are increasingly worried that
PC-based information security risksare threatening their phones, leaving
network operators with a choice: protect customers against malware
and other threats or lose their business.
This emerged from research in the UK, US, and Japan by security
software house McAfee. The
firm looked into mobile phone users' attitudes to information
security threats from mobile networks. The research follows a
similar study last year among the operators themselves.
Greg Day, a security analyst at McAfee, said the risks to mobile
phone users compared to those faced by PC users connected to the
internet are one to 100. But mobile phone users are increasingly
concerned that as applications such as
micro-payments and banking move onto their phones, they will
attract criminals.
He said while their immediate concern was loss of cash, more
dangerous was the loss of data, especially personal data, that
could be used to clone the user's identity or to harass them.
He said 58% of respondents worried about spam, fraudulent use of
subscribed services, and theft of data stored on their phones.
He warned of
"smishing" attacks, where a criminal tried to
induce insecure behaviour using an SMS message. "The criminal
texts you to say 'Thanks for subscribing to our dating service at
$2 per day. If you received this message in error, please to go
this website to unsubscribe'. And of course, it asks you for your
name, bank and credit card details to 'confirm' you are the right
person," Day said.
Normally it would cost the smisher to send the text, but Day
said there are now lots of sites that offer free SMS services and
random dialling facilities.
Day said network operators must assess the risks to their
reputations, operations and customers protect their infrastructures
and the mobile terminals they sell, and set up incident management
systems to clear up the inevitable attacks. Precautions included
multimedia content inspection software at network access points, he
said.
"Network operators are driven by the need to add value to
increase the average revenue per user, and the need to attract and
retain customers," Day said. Offering and promoting secure mobile
services played to both these drivers, but few customers are likely
to buy security specially, he said.
"The question for network operators is how to hide the cost when
the market is so competitive on price," he said.
Table of
computer security threats >>