Mobile phone users are increasingly worried that PC-based information security risks are threatening their phones, leaving network operators with a choice: protect customers against malware and other threats or lose their business.
This emerged from research in the UK, US, and Japan by security software house McAfee. The firm looked into mobile phone users' attitudes to information security threats from mobile networks. The research follows a similar study last year among the operators themselves.
Greg Day, a security analyst at McAfee, said the risks to mobile phone users compared to those faced by PC users connected to the internet are one to 100. But mobile phone users are increasingly concerned that as applications such as micro-payments and banking move onto their phones, they will attract criminals.
He said while their immediate concern was loss of cash, more dangerous was the loss of data, especially personal data, that could be used to clone the user's identity or to harass them.
He said 58% of respondents worried about spam, fraudulent use of subscribed services, and theft of data stored on their phones.
He warned of "smishing" attacks, where a criminal tried to induce insecure behaviour using an SMS message. "The criminal texts you to say 'Thanks for subscribing to our dating service at $2 per day. If you received this message in error, please to go this website to unsubscribe'. And of course, it asks you for your name, bank and credit card details to 'confirm' you are the right person," Day said.
Normally it would cost the smisher to send the text, but Day said there are now lots of sites that offer free SMS services and random dialling facilities.
Day said network operators must assess the risks to their reputations, operations and customers protect their infrastructures and the mobile terminals they sell, and set up incident management systems to clear up the inevitable attacks. Precautions included multimedia content inspection software at network access points, he said.
"Network operators are driven by the need to add value to increase the average revenue per user, and the need to attract and retain customers," Day said. Offering and promoting secure mobile services played to both these drivers, but few customers are likely to buy security specially, he said.
"The question for network operators is how to hide the cost when the market is so competitive on price," he said.
Table of computer security threats >>