Mobile Network Security: Understanding the Threat

According to Cisco CTO Padmasree Warrior, the number of devices connected to the Internet will reach 1 trillion in 2013. That is up from 500 million in 2007. Walking around during the last few conferences I've attended and seeing all the iPads, iPhones and Androids in the hands of folks, I would have thought that number had already been reached. And although this interconnectivity can help us in a variety of ways, whether for work or fun, it also increases the risk landscape. During the past several weeks I've been privy to several conversations about mobile network security and performance, through analyst briefings, press meetings, our recent webcast and more. The topic has been on my mind a lot and not surprisingly the news is filled with stories. Two came across my feeds just this morning.

ThreatPost's Dennis Fisher writes of "The Coming Wave of Mobile Attacks" where he discusses the fact that the always predicted wave of mobile malware and Trojans may be coming sooner rather than later. As people become more dependent on their phones, even using banking applications, it stands to reason that we will see a spike in these attacks. The article focuses on a potential weakness in the smart phone revolution; the app store. Fisher talks with Tyler Shields, a security researcher at Veracode, who says "...that the way app stores are set up and their relative lack of safeguards makes them soft targets for attackers looking to maximize the effectiveness and reach of their malicious applications."

The very next article in my reader this morning read "Cyber Thieves Clog Phones With Nuisance Calls While They Plunder Bank Accounts". This one was interesting because the criminals sent a flood of calls, to several different phones, of a dentist in Florida. At the same time they were draining his Ameritrade account of $399,000. Ameritrade was trying to call him to verify the transactions but, you guessed it, his phones were busy. These thieves probably grabbed his Ameritrade information through another means like a phishing attack and then used the "telephony denial-of-service" as a diversion. The article does not go into the depths too much, but one has to wonder if the attackers had actually hijacked the victim's phone service, or if all of his attacked phones were mobile or a mix of land-line and mobile.

Either way, we are seeing more and more of these types of stories and as the landscape of mobile devices continues to grow, so will the threats. The question, and we posed this during our webcast, is what can be done? The first important step is education about threats that are out there in the wild and making sure folks understand what to look out for when using their mobile network or apps. Secondly, we must harden the network infrastructure itself. In order to make this happen mobile network operators must understand their actual network traffic, threats, overall performance under load and more. Looking at the actual traffic traveling on a mobile network there can be several surprises, which is something we discussed in our mobile network webcast a few weeks back. I'm going to embed the video of the webcast below and invite you to download the mobile traffic research report, which analyzes the data in more detail Together they provide a deep look into the unique challenges facing mobile network operators, but also some deterministic steps they can take to harden their networks.