Mobile Security: Seeking a Safe Harbor in the Dangerous Seas of the Mobile Web

When the Web goes mobile, today’s “digital omnivores” aren’t the only ones with an appetite

Dec 19th 2012 at 4:57pm

Only a brave laggard would claim that the world of mobile communication isn’t undergoing a paradigm shift. While marketers and researchers are rushing to stay abreast of how consumers are using portable Internet-enabled devices to perform a growing range of tasks, large global communities of developers and users are already driving and living these changes every day. The convenience of a widely available broadband Internet connection combined with powerful portable devices has led to explosions in both the quantity and variety of online activities consumers engage in using their mobile phones, tablets, and laptops.

Digital research company comScore has branded this current generation of technology consumers “digital omnivores,” those who leap effortlessly between devices to satiate their endless appetite for the fruits of the Internet. Ultrabook™ devices are taking powerful PC performance mobile in a big way. And the meteoric rise of tablet and smartphone penetration in global markets from the United States and Mexico to South America and Africa is bringing previously unconnected markets into the Internet ecosystem in huge numbers. According to Tata Communications, Africa has added a colossal 316 million new mobile phone subscribers since 2000, a trend which, along with a blossoming mobile broadband infrastructure, is contributing to an explosion of Internet connectivity in the region. Meanwhile, smartphone penetration exceeded 50 percent of the total U.S. mobile market for the first time in 2012.

Consumers are using an ever wider variety of hardware, with single activities being performed across multiple devices. In August 2012, a Google study [1] found that 90 percent of consumers are using multiple screens sequentially during browsing, with 67 percent doing so for shopping. Consumers are embracing seamless cross-platform e-commerce and other secure activities at a level that has never been seen before. According to comScore, as of June 2011, 16 percent (nearly 37 million) of all U.S. mobile phone users were accessing online financial services, including banking and credit card services, using their smartphones. The use of mobile devices by U.S. consumers for online shopping grew by 87 percent from 2010 to 2011, reaching 28.5 million people, a trend that shows no sign of abating.

PRECAUTIONARY SECURITY

But behind the big numbers and bold buzzwords, something else is going on that merits the attention of every mobile Internet user and which the security experts at McAfee are deeply concerned about. So far, the dark underbelly of illegal Internet activity—ID theft, phishing, hacking, and other nefarious deeds—has been primarily associated with the more classic face of computing: desktop PCs and laptops. However, times are changing. Only a few years ago the under-the-hood processing power and capabilities of the average mobile phone could just about manage to send a multimedia message. Today, for the majority of those using mainly apps and browsers, there’s almost no noticeable performance difference between a current generation smartphone, tablet, or Ultrabook device and many considerably bulkier laptops and desktops, plus there is often even greater connectivity. This is leading to the use of portable devices for increasingly complex—and private—tasks, which in turn puts them in the cross-hairs for criminals.

“When people think about their smartphone, they think of it more as a phone than as a fully capable computer with four ways of accessing that device wirelessly. The reality is that those devices are equally at risk, if not more at risk, because of the way you use them.”
— Gary Davis, Vice President,
Global Consumer Marketing, McAfee

The inherent dangers in using multiple devices to perform activities such as banking and e-commerce are obvious, and yet often ignored. Each additional device into which a user has entered credit card or password information increases the danger of that information being stolen or misused by hackers or criminals. However, while most PC and laptop users don’t think twice about ensuring their systems are equipped with anti-virus and malware protection at the very least, taking the same precautions is not yet universal when it comes to mobile devices.

Recent research [2] by the National Cyber Security Alliance and McAfee found that two-thirds of U.S. smartphone owners have never installed any kind of security software onto their phones. Paradoxically, users are demonstrating clear awareness of the security risks involved when connecting on the move, with almost two-thirds deciding not to download apps because of concerns relating to identity theft, privacy, data collection, and the reputation of the service provider. So while there is awareness of security issues, a disconnect exists between that and how users are actually securing their devices.

Despite their wariness, consumers generally feel that mobile devices are safer, a point of view for which there is valid justification. The current security threat level on mobile devices is nowhere near that for PCs, but that could be changing soon. “Today, hackers are spending a lot of their time going into devices, not because they’re necessarily less secure but because there’s more of them out there. It’s the law of large numbers. Hackers tend to go where the volumes are.” And with emerging markets and growing penetration comes increasing volume, dangling ever more tempting carrots in front of the world’s high-tech criminal elements.

DANGEROUSLY SOPHISTICATED

As with any field of development, it takes time for malware and virus programmers to master their platform. “Right now we’re still early in the development of malware targeting mobile devices so most are quite rudimentary, but I think we’ll see the level of sophistication increase,” said Davis. “They’re going to get better at building and distributing malware, resulting in more sophisticated and more targeted attacks on mobile devices.”

A good example of how hackers have updated their tactics to take advantage of smartphone users is the recent story of a 20-year-old programmer apprehended in northern France. He created a seemingly bona fide smartphone app that automatically sent text messages to a premium number he had created himself. Using this method he was able to collect small sums from an estimated 17,000 individuals, amassing approximately half a million euros in a little over a year. With literally hundreds of new apps released onto the world’s app stores every day, it can be difficult for consumers to determine the difference between legitimate and malicious apps.

This is where anti-malware software, such as McAfee’s cross-platform All Access* security offering, can help, scanning the behavior of apps to notify users when they are about to do something that might be harmful and handing them back control.

“We have a capability called App Scanning,” explained Davis. “We know apps with malicious intent display certain characteristics. For example if you have a flashlight application, it doesn’t need permission to look at your voice records, call logs, or location data. So if the app is looking for permissions that a flashlight app shouldn’t have, App Scanning would notify the user when he downloads the app so that he may want to reconsider.”
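The permission mismatch Davis describes, and the premium-SMS app from the story above, both come down to comparing what an app requests with what its category plausibly needs. The sketch below is an added illustration, not McAfee's App Scanning; the category baseline, the sample manifest and the function names are assumptions, and the manifest is assumed to be already decoded from the APK's binary form into text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline: what each app category plausibly needs (illustrative only).
EXPECTED = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
}

# Permissions guarding the data named in the article, plus SMS sending.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.RECORD_AUDIO": "voice recording",
    "android.permission.ACCESS_FINE_LOCATION": "location data",
    "android.permission.SEND_SMS": "can send (premium-rate) text messages",
}

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Flashlight"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    # Manifests from untrusted APKs should be parsed with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, category):
    """List (permission, reason) pairs requested beyond the category baseline."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline defined for category {category!r}")
    extra = requested_permissions(manifest_xml) - EXPECTED[category]
    return [(p, SENSITIVE.get(p, "outside category baseline")) for p in sorted(extra)]


if __name__ == "__main__":
    for perm, reason in audit(SAMPLE_MANIFEST, "flashlight"):
        print(f"WARN {perm}: {reason}")
```

A permission outside the baseline is a prompt for the user to reconsider, not proof of malice; the baseline per category is the part that needs curation.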

In addition to the dangers presented by intentionally malicious apps, in October 2012, researchers at Leibniz University of Hanover and the computer science department at the Philipps University of Marburg tested the security of 13,500 of the most popular apps available on Google’s Play store and discovered serious vulnerabilities in eight percent of them [3]. They found that these 1,074 apps were exposed to “man-in-the-middle” attacks, allowing hackers to capture user data, including login details for anything from online banking and email to social media, and even making it possible to remotely remove apps, including a security application. The researchers also carried out a survey of 754 users and found that around half were unable to correctly judge the security of a browser session on their mobile device.

FAST EDUCATION

Encouraging consumers to secure their devices and to develop awareness of safe usage is a large task, but the work has already begun. “Education is one of the things we’re working on with Intel,” said Davis. The hope is that the process can be well underway before the scale of the opportunity becomes so irresistible to hackers that the ticking time bomb of mobile security explodes.

“I think we’re headed for a wakeup call where there’s going to be a massive outbreak,” said Davis. “We saw this in the early days of computer viruses, where it takes a big outbreak that dramatically affects lots of users before consumers use proper safeguards. I would like to think that we can get ahead of that through education and ensure that people have the right security controls on devices, but I think it’s going to take a severe event for that reality to take hold.”

McAfee and Intel are doing their best to head off any such potential disaster with a broad-ranging communication campaign. “We’re working with industry media such as CNET, PC Magazine, and PC World to help people understand some of the risks associated with protecting devices other than PCs,” said Davis. “We’re also working with Intel on a consumer education awareness program, reaching out to bloggers and other social media, so it’s a multi-touch program. We’re trying to use every possible method to get the word out.” Close relationships with other industry partners in the value chain are also vital to ensure the message reaches users. “We are working with the manufacturers who build the devices (such as Samsung, DELL, and Lenovo), those that make Ultrabook devices, and those that build the handsets,” said Davis. “We have to make sure that we’re engaging and having a dialogue. We also have to work with the carriers, those that provide devices to consumers. We’ve taken a multi-pronged approach, and we’re working with every provider in the mobile chain.”

SECURITY EVOLVED

Another positive factor that will influence consumer perception of mobile security is the evolution of the Ultrabook device market. With the new generation of systems that blur the lines between powerful, highly portable laptops and tablet hybrids, it’s possible that good security habits will follow users from the land of traditional laptops into these smaller, portable form factors. Pursuing hardware-based security measures is another key weapon in the two companies’ security arsenal. “Continuing to explore ways that we can use hardware to assist in the security function or, better yet, accelerate the security function, is going to be an important part of Intel’s and McAfee’s work,” said Davis. “The more we can rely on silicon to do some of the heavy lifting for security attributes, the better it’s going to be for users. For example, having products like anti-theft in Ultrabook devices provides a level of protection that I think is unrivalled in the industry.”

Ultimately, Intel and McAfee are focused on evolving their security offering to adapt to the changes in how consumers use connected devices, concentrating on the cross-platform experience rather than specific devices. “We need to transition from protecting what devices you use to protecting what you do,” said Davis. “I bank, I socialize, I network, I e-mail, I do all these things online. We need to work out what we can do to ensure that we’re providing the optimal level of protection that allows you to do those things in a safe way.”


[1] The New Multi-screen World: Understanding Cross-Platform Consumer Behavior (August 2012)
[2] The National Cyber Security Alliance conducted a study with McAfee to analyze the cyber security behaviors and perceptions of Americans. The study was conducted by JZ Analytics, which surveyed 1,000 adults nationwide from August 31, 2012 to September 3, 2012.
[3] www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf and www.bbc.co.uk/news/technology-20025973


Author: John Tyrrell