Wireless on the front lines in computer security war
As the fight between computer security experts and hackers escalates, wireless companies have found themselves standing on the front lines. In an effort to address the threat to mobile devices, one international organization representing the wireless communications industry responded by releasing its second white paper, "Today's Mobile Cybersecurity: Blueprint for the Future." Prepared by CTIA - The Wireless Association, a membership-based group that includes various players from the wireless industry including carriers, manufacturers and suppliers, the report proposes advanced solutions to thwart mobile malware attacks by focusing on five major areas: the on-going education of consumers and end users, the security of devices, the development of network-based security policies, the inclusion of authentication controls for devices and the use of cloud technology and networks.
Advanced strategies are vitally important given what CTIA deems as the “commoditization of malware.” Malware toolkits may be sold to those without programming expertise to use in their own attacks, thereby dramatically increasing the number of cyberthreats.
The chance of a widespread cyberattack on mobile devices has already been identified as a distinct possibility. In analyzing implementation mistakes made in a number of mobile devices, researchers from Hannover and Philipps University of Marburg emphasized the importance of vulnerabilities through a sampling of 13,500 applications, of which more than 1,000 contained SSL flaws. Among those apps, 17 percent were able to capture credentials for American Express, Diners Club, Paypal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime. Further complicating matters is the fact that many mobile browsers lack clear indication as to whether a connection is SSL encrypted.
Despite the chorus of warnings, one big step can be taken today for developers to protect mobile applications by implementing an SSL certificate. Protect your application by visiting Thawte - the leader in certification - and see what SSL option is best for you.