by Stephen Bryen
Sponsored by SDB Partners LLC
Thanks to modern computer technology, privacy has been taking a beating. Nowhere is this more the case than with the mobile phone, particularly mobile phones that are also powerful computers – Smartphones.
- In 2011 the number of Smartphones sold exceeded the number of PC’s sold.
- In a few years the number of mobile devices will dwarf the number of PC’s.
In 2011 there were 5.9 billion mobile subscribers – one each for 87% of the world population. There presently are 1.2 billion mobile web users worldwide. In 2011 there were 8 trillion text messages. In the last three years 300,000 mobile APPS were downloaded 10.9 billion times. Paying by mobile was worth U.S. $240 billion in 2011 and will be U.S. $1 trillion by 2015. Between 500 million and 1 billion people will access financial services by mobile by 2015.
Like PC’s, Smartphones are vulnerable to hackers and intruders, but the problem is more serious. In order to be useful, Smartphones always have to be open to networks and, if compromised, can even be switched on when they are supposedly inactive. In fact, the only way to effectively kill a Smartphone is to remove its battery, but in some products the battery is integrated and average users cannot pull the battery out.
The Smartphone is a hacker’s dream. Not only can he see and exploit what is on the phone, but the phone itself is an open window on the user’s activity. It can hear his voice and the voices of others even when the user is unaware, it can turn on the phone’s camera and it can provide an exact location so the user’s location is known. This gives possible terrorists and criminals knowledge they should never be allowed to have. A 21st century assassin may be tapping the Smartphone of his victim.
Attacking Smartphones is so popular that there are hundreds, if not thousands of companies in the United States and around the world producing spy phone software. Watch the advertising – you can find out what your wife or girlfriend is up to, listen in on competitor’s conversations, find out where your children are and where they have been, and much, much more. Not only, you can read their emails and “texts”, look at their calendar, hear what they say.
People have come to think of their Smartphones (and sister tablet devices) as indispensible, leading some to rationalize away the known threat of hacking by saying, “well I have nothing to hide” or “there is nothing in my emails that is in the least interesting to anybody.” But it isn’t true.
Today’s smart phones use social media just like computers, so Facebook, LinkedIn. Google+ and other social “apps” are providing important information that can be used to “get to” the target, for example through his children, friends or colleagues.
Government agencies and military organization are at considerable risk. While departments handling sensitive information may require to be locked up on certain occasions or in certain sensitive locations, most of the rest of the time the Smartphone is “on.”. Consider a typical Pentagon employee who wants to stay in touch with a child or a spouse or an elderly parent. Today it is hardly practical to isolate people or get them to support a policy that isolates them during the working day.
The same is true in industry, in the financial services sector, in health care, and in energy and transportation. We are talking about huge numbers of people, all of whom can be a target of an intruder or hacker.
Given the immensity of the potential sources of data, it follows that aside from individuals hacking their wives, kids, friends and co-workers, the real beneficiaries of the smart phone revolution are foreign governments who can be plugged into top decision-makers and military leaders and hosts of other decision makers in targeted countries.
For the United States the attack on smart phones and tablets represents a national security threat. As a reservoir of technology, know how, finance, and military prowess, the U.S. is, to say the least, the world’s number one most tempting target. It should come as no surprise the smart phones in the United States are under constant attack, just as are computer networks. The difference is that the mobile platform is delivering critical information in real time.
U.S. laws and export controls do not block the sale or export of spyware or the underlying technological know-how. Law makers need to look into the absence of export controls and push the administration to urgently address the issue.
Can we stop spyware and spy phones? Is there a technical solution?
One proposal being looked at is that government senior-level personnel use specially designed, and very expensive, secure mobile phones. According to news reports, Boeing has been commissioned to build a secure smart phone for top government officials.
Custom-designed products compete poorly against commercial smart phones. The U.S. government has, from time to time, sponsored efforts to build special solutions. Most of them fail because they rapidly become obsolescent.
Another approach is to use anti-virus software and anti-malware software on Smartphones. Up to a point these work against known targets, although they often lack the horsepower to actually clean the phone without wiping it completely. The problem with a complete wipe is that backups of data and APPS cannot be used because the old infection is still inside.
A new start up company, Ziklag Systems (http://www.ziklagsystems.com) has a solution that can actually clean off both known and unknown spyware. The technology to do this is complex, but the clean-up can happen without losing vital data from the phone while saving all non-malicious “APPS.” Ziklag’s technical team has been working with Israeli government and defense officials, where the threat of spy phones is very real and could imperil the country’s security. Ziklag is now in the process of moving its technology to the United States and should soon be in a position to help American governmental agencies, critical infrastructure clients and the financial community.
As decision-makers in government and industry realize the risks involved, the market for effective solutions for mobile Smartphone and tablet security is likely to grow very quickly. So too will the risk to national security markedly increase. It is important to think urgently about shutting down the supply of tampering and intrusion products targeting Smartphones and tablets, and to support solutions to block the most dangerous spy phone attacks.