Saturday, May 5, 2012

Smartphone Development Threat

The Open Source Security Threat
Fast-moving mobile phone development has made open source software development a popular approach. One particular reason for the popularity of open source in organizations is that it has been proven to cut costs. The value of this development methodology is not just the design of the software but the marketing opportunity it provides to organizations and individuals. Open source platforms are provided by Google (Android), Palm (GNU/Linux), Nokia (Maemo) and Apple (iPhone).
The open source model allows much greater creativity, as it differs from the more corporate, centralized development models that have been used to date (BlackBerry is an example). The essence of open source is public collaboration, which results in peer-production development of open source software, particularly in the mobile phone software industry.

Fast Development
The open source community is developing very fast these days, galvanized by mobile phone developers. Open source software development, however, does have potential security risks for both corporations and individuals. Too often the open source communities that offer their software for free don't appear to be as mindful of security practices as their commercial counterparts, which charge for software and support.
There are also new prospects for social engineering, such as figuring out when you are away from your home for criminal purposes; sites like PleaseRobMe.com do just this. In the same vein, facial recognition technology and the tagging of users in photos on social media sites blur the work-home boundaries even more. For example, police officers have already come under attack after their identities were breached by social media and facial recognition technology.

Near Field Contact
NFC (Near Field Contact) technology is an interesting example of innovative technology that aims to deliver convenience for consumers. However, it will introduce a new dimension of challenges for security professionals, making mobile devices much more interesting as a target for stealing money. There is a push to build NFC technology into mobile devices, enabling users to make payments or pass on personal information with a simple swipe of a mobile device over a reader. This will further transform the smartphone into the single device from which most aspects of your life are driven, making it even more attractive to cybercriminals.

Third Party Applications
Mobile devices are also starting to define their architectures based on modern working practices. BlackBerry, for example, has introduced a feature which provides two isolated working environments on the same device (sandboxing), allowing you to separate work and play data. Even those with a strong security reputation, like BlackBerry, have been victims of exploitation and breaches too. While malware attacks on mobile devices are undoubtedly different, they are still entirely possible.
There are those who believe that the open source nature of Linux (for example) provides a primary vehicle for making security vulnerabilities easier to identify and fix. The main advantage here is that the community can review the source code and make the code more secure, which in turn facilitates potential security best practices. Users and time will decide whether this is actually the case. The advent of social websites such as Facebook, MySpace and Twitter has led to a surge in third party application development for desktops, laptops, tablets and smartphones.

Facebook & Third Party
Facebook, the fastest growing of these social websites, allows publishers to develop third party applications to improve the Facebook experience. Closer inspection of most third party applications reveals to users that they all require your 'login and password' details. It appears that most Facebook users don't believe this is a risk to their identity. Maybe it isn't, but how do you manage the risk of your 'login and password' details falling into the hands of a cybercriminal? The major risk is that, if you are paying for third party software, the software might steal your financial login data as well as install malicious software on your smartphone. The final infiltration will occur (as the last security flaw) when the mobile user connects to their PC via either Bluetooth or USB and receives a cross-platform infection from the third party software on their PC. There are no instances I know of where this has happened yet, but in time this attack vector will surely appear.

In Conclusion
It is the development of open source software that may well lead to these security issues, and many others, being discovered. New functionality breeds fresh opportunities for the bad guys. New features like augmented reality, facial recognition and integrated social media could leave users open to new kinds of abuse. Augmented reality, for example, connects location information with a user's social media "friends", enabling them to identify digital contacts nearby. We will find out in the coming years whether open source software development has opened up a security hornets' nest. Users, meanwhile, need to embrace the security suites offered by companies like Bullguard, Kaspersky Mobile 9, ESET, Panda, AVG, Trend Micro, Webroot, F-Secure, Norton, etc. to lock down their systems.

1 comment:

  1. This is one of the significant posts. I like your blog creativity. This is one of the great posts.
    iphone app development
