Topic: Does Anyone Really Care About Mobile Security?

[Pez]

Does Anyone Really Care About Mobile Security?

I’ve attended Mobile World Congress a number of times and it is fair to say the concept of the show has evolved over the years. Previously, when someone said “mobile” we thought of physical handsets; whereas the term today has a much more complex definition. “Mobile” now is a reflection of the Internet of Things (IoT) and the hyperconnected world we live in.

You only have to look at the thousands of connected devices presented at CES—from wearables to smart refrigerators—to see the extent to which IoT will soon be ingrained in our everyday lives. But with more devices come more threats. And security needs to take center stage if users are going to trust their devices, especially as that trust has been tainted in light of the numerous breaches last year of high-profile companies such as TalkTalk and Ashley Madison. More users now demand to know their personal information cannot be compromised; we saw this shift when thousands of TalkTalk’s customers went elsewhere after the breach.

It’s worrying that some companies have not gotten the memo. Just last week we learned that VTech had updated its terms and conditions, and what I read filled me with despair. Under the new terms, VTech says families using its software do so at their “own risk.” The company places the entire security burden on its customers, claiming it is not liable in the case of future attacks by asking its customers to accept that “any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”

When the company was hacked last year, more than 6.3 million children’s accounts were compromised, with conversations, photos, and video messages between families exposed. Do you want to live in a world in which companies can get away with this responsibility shift while selling us connected devices for our homes and for our children? I know I don’t. The implications of such a stance becoming the norm are worrying. Although the Information Commissioner’s Office has stated that the responsibility of protecting data does lie with the manufacturer, I question whether market pressure (customers) will demand better security.

Organizations have a duty to care for their customers. If the consumers companies want to reach are ever going to fully adopt these technologies, trust between the two parties will have to evolve.

This Mobile World Congress, we will be exposed to a world of exciting new technologies and opportunities as we move into an even more connected future. But as we acknowledge the move beyond the traditional handset to the new generation of digital devices, we need to address the issues around privacy, security, and control that come with them. As connected devices become more common and essential to our lives, security basics need to be the priority, right from the start. Without first establishing a foundation of trust, the exciting prospect of 5G and the wider future of IoT will fundamentally fail.


Original article: https://blogs.mcafee.com/mcafee-labs/anyone-really-care-mobile-security/

[Samker]

Very interesting article. Thanks!

---

By the way, I want to somehow develop conversation and recommend Avast's "Free Mobile Security" which I use for the past few Years: http://scforum.info/index.php/topic,7345.0.html

Beside, some common features, the one which impress me last time is "Wi-Fi Scan" which check for "routers" vulnerabilities.  

[devnullius]

Oh that's a nice tool to have, router weakness detection!! You know of a windows equivalent? Should be on my always install list then

[Samker]

Oh that's a nice tool to have, router weakness detection!! You know of a windows equivalent? Should be on my always install list then

I don't know any... but here you have few Websites:

- rom-0 bug test: http://rom-0.cz/

- F-Secure router checker (not avalilable at the moment): https://campaigns.f-secure.com/router-checker/

- Gibson Research Corporation (this one is really good): https://www.grc.com/x/ne.dll?bh0bkyd2


...and one more tool, but from different "angle"* -  "Scanner Routerhunter 2.0": https://github.com/jh00nbr/Routerhunter-2.0
(*tool used to find vulnerable routers and devices on the Internet and perform tests)