Operators given mobile security warning


But with responsibility comes opportunity...

Mobile operators have the opportunity to differentiate themselves, secure customer loyalty and even additional revenues by providing "clean pipe" services to customers and partners, but must act before regulators and governments force through flawed rules forcing compliance, Mobile Europe has been told.

Currently, there is agreement across the industry that there is a marked increase in the amount of security threats to mobile device users. Andy Dancer, CTO EMEA of TrendMicro, told a London audience last week that the rate of growth of malicious applications is "dramatic".

"Get ready for take-off," Dancer said, "Only a lack of an apps monoculture has been saving us to date." However, both Android and Apple are now reaching sufficient scale in the apps community to attract malicious apps, experts warn.

It is the Android platform, though, with its more open architecture and fragmented number of versions, that is more at risk. Geoff Casely, Managing Director EMEA, NetQin Mobile, said that the number of Android malware threats detected by the NQ Mobile Security Research Team increased from less than 500 at the beginning of January 2011 to more than 9,900 at the end of December 2011, a 1,880% increase within a single year.

"We are seeing a dramatic increase in the sophistication with which cyber criminals exploit vulnerabilities on smartphones," he added. "Rootkits, botnets, and other advanced forms of malware are becoming a major concern for our security experts. We also need to look at the standardisation of mobile OS security as the platforms mature. The wide range of OS variations puts consumers at risk, as older platforms are more susceptible to malware infection."

Thorsten Schneider, Global Head of Security Solutions at Nokia Siemens Networks, said that the growth in the smartphone market meant that mobile malware had got a "lot more interesting" for criminals. He named m-payments and banking, sensitive company data and access to the phone dialler or messaging client as attractive targets.

With this threat has come both responsibility and opportunity for mobile operators. TrendMicro's Dancer warned that if the industry doesn't take care of its responsibilities, then it may be forced to do so by regulators, in a manner that is unwelcome.

"The industry must act or it will be forced into acting. With a single victim, it [being hacked] matters to the customer but not necessarily to the operator. But it only takes one high scale or high profile hack and then you can end up with rushed or bad regulation," Dancer warned.

Schneider said that NSN's view is that operators can go beyond fulfilling a duty to protect their consumers, to using security protection as a revenue generator. Operators are investing in network-level security to enable these services, Schneider said, as well acting as distributors for client level software. Operators could even profit from providing such a service, charging users a premium for "clean pipe" services, or bundling such a services into a tariff for a high value customer, or enterprise client.

"The operator has a responsibility but it is also in a unique position to provide security protection as a service, rather than as a one-off download," Schnieder said.

One issue for operators, though, is that they cannot control all aspects of a user's experience. A user may be accessing services, websites, and app stores outwith direct operator control. Here, a combination of

"Operators need to look to both educate and protect mobile users, as soon as they turn on their mobile device," Casely said. Through providing their customers with preloaded security platforms and enhancing network security through real time monitoring and network controls, operators can help ensure that their customers remain protected from malware and other security threats," Casely argued.

For example, NQ Mobile has an Operator Partnership Program that provides mobile operators with security solutions for their customers.

"In most cases,' Casely said, "We are able to rapidly deploy preloaded NQ propositions to their subscribers; normally on a revenue share basis."
NQ Mobile also offers operators the ability to utilise its cloud intelligence capabilities to empower a host of "powered by" integrated services across the consumer channel and into enterprise space.