Sunday, April 7, 2013
Get Your Mobile Immunized
According to the International Telecommunication Union (ITU), more than 80% of mobile phone users worldwide have received an unsolicited message on their handset at some point. The hidden motive behind such messages is often to lure the subscriber into calling a premium rate number to buy a product or enter a competition. Messages are commonly not commercially focused, and in some cases can be deemed offensive, but all have one thing in common: they are intrusive and unwelcome.
Text spammers are becoming increasingly sophisticated, using methods such as imitating network providers and mobile phone numbers to send mass spam via SMS, and in doing so appearing authentic to those unaware of spammer techniques. In a ploy to outwit networks, unregistered pre-paid SIM cards are used to spread mobile junk messages. In addition, a sharp rise in mobile phone viruses has worried mobile operators, with a reported 400 mobile viruses now in existence today. There is a distinct need for operators to deploy sophisticated tools to stay on top of spam and other foreign bodies that are infiltrating networks.
Problems
It is rare for a mobile user not to have received an unsolicited mobile spam message in the form of a text message (SMS), picture message (MMS), or video message (VMS). Whilst it is standard to have spam filters on emails when using a home computer, personal and corporate mobiles that feature Internet and email access are extremely vulnerable to mobile spam. In fact, users are completely dependent on their mobile network operator to manage these unwanted communications. The conflict here is that in most cases, the operator is gaining extensive revenue from the spam, which impacts on their desire to protect the subscriber.
Some mobile operators around the world actively encourage spam by supplying content and application providers with their users mobile phone numbers and the only way for a subscriber to get rid of the spam is to switch to operator. In India some operators face spam levels of about 30% [Source: Bloomberg.net, August 1st, 2008 (online)], even after protocol-level filtering.
Another concern for mobile operators is the sharp rise in mobile phone viruses, with a reported 400 in existence today. One mobile operator has noted a rise in attacks from 0.6% of all messages to 6% over the last 12 months, averaging 100,000 virus incidents per day-up from 70,000 per day only 1 year ago [Source: AdaptiveMobile sees Sharp Rise in Volume of Mobile Network Virus Attacks (online)] .
Mobile viruses are also fast becoming a menace to businesses as they move easily between handsets and infect shared address books. These viruses spread in a similar way to PC viruses, going straight to the address book and infiltrating the phones of people who accept the SMS or MMS.
Corporate phones are particularly vulnerable to the threat posed by viruses as most employees fail to check their phone bill, sending the charges straight to accountants, and wont notice suspicious increases in call charges. To add to this worry, 86% of mobile phone users have no security software installed [Source: 2008 online well-being survey, F-Secure Corporation]. We know from our own data that subscribers whose phone do get infected can lose up to 100 Euros a day from MMS being sent from their phone by the virus.
Recently two mobile viruses, CommWarrior affecting Nokia Series 60 phones and Beselo, attacked all smartphones and have caused extensive problems for mobile operators globally. The viruses are spread via Bluetooth and MMS as a Symbian SIS installation file. Owing to Beselos ability to infect all smartphones, this virus is currently growing at four times the rate of CommWarrior.
A typical operator can have virus disinfectant rates of between 60 and 10,000 per day, with some users phones issuing upwards of 100 to 150 messages per day for the Commwarrior virus. The Besolo variant can achieve daily peak rates of up to 230 infections. The problem is likely to become more widespread, with the Yankee Group indicating that the number of enterprise mobile data users will increase to nearly 270 million by 2010, representing a 19.8% Compound Annual Growth Rate.
Solutions
To prevent mobile spam and viruses becoming a problem for their subscribers, Indian network operators must ensure they dont solicit spam. Operators also need to take a leading role in the development of built-in network security to protect mobile phones, and prioritise customer satisfaction above potential ready-money revenue generated as a result of spam and viruses.
To ensure protection from mobile spam and viruses, operators must also secure their network. This way, not only known viruses, but also anomalies within the network can be detected, isolated, and disinfected, enabling network immunisation. Having security on the network also means that employee-specific policies can be set. For example, an employee may not be allowed to download content which can be considered out of line from their business pursuits, while others may be prohibited from accessing the mobile Internet altogether-a similar approach to the one some organizations are already using for their PC infrastructure.
Whilst it will no doubt take some time to agree and set common standards, the technology is available today that can effectively protect a mobile operators subscribers through their network. As infection rates continue to rise and higher proportions of customers are left at risk, mobile phone security will become a key differentiator for customer creation and retention-particularly amongst large organisations keen to ensure that their staff are properly protected.
The constant evolution of spammers techniques, combined with the continually growing mobile telephony industry, means that the battle for consumer trust is only just beginning-and mobile operators have to make sure they are competing effectively.
