Interviews

Handing over the keys

by Mark Rowe

Smartphone and tablet users risk ‘handing over the keys to their lives’ because their devices lack sufficient security safeguards, a security product firm warns.

This follows a report by Channel 4 News which found that two UK pawnbrokers have been selling mobile devices which contain large amounts of personal and sensitive data including passwords, bank details and photos.

Intercede’s CTO Chris Edwards said that smartphones and tablets represent a significant security threat, since most consumer devices do not have adequate protection for the data that is generated and stored on them. This is despite mobile device manufactures creating embedded secure elements and features within phones that are able to support enterprise level security, and SIM manufacturers producing Universal Integrated Circuit Cards (UICC) that can do likewise.

Edwards argued that fundamentally, there is no difference between consumer and corporate devices, with the difference lying in the device management and installed security software, calling for device manufacturers, security vendors and mobile network operators to work together to educate and role enterprise level security out to the wider population.

Edwards said: “The public are generally becoming better informed about online security threats, but strangely this does not extend to their mobile devices. As we live our lives increasingly through these devices, including using and storing sensitive data in online banking or social media apps, we are entrusting the keys to our lives to a single device that can so easily fall into the wrong hands. Nor is it just data: our devices also contain access permissions and cached passwords which, although not immediately ‘visible’ to the user, can be gold dust for criminals.

“In spite of this, mobile security comes low down on consumers’ priorities when it comes to choosing a device – if they consider it at all. The result is that we are creating great repositories of personal and sensitive data which are inadequately protected when the device is lost, stolen or given away.

“Part of the problem is that security is perceived as compromising ease of use; however modern enterprise mobility security technologies show that highly secure solutions are actually much easier to use than the current scourge of long, complex yet insecure passwords. It is time that consumers had the same protection, including two-factor authentication, like you get with a chip and PIN bank card (something you have and something you know), personal IDs and credentials stored on a secure component of the device – such as the SIM or Trusted Execution Environment, and remote device wiping.”

He said that one of the main difficulties was that much of the sensitive data stored on devices was ‘invisible’ to the user, and called for greater efforts to educate consumers about how much information is accessible through their smartphones and tablets.

“There is no reason why consumers should not enjoy the same level of protection as large corporates; however, this requires that a conscious effort to protect their mobile data. More must be done by manufacturers, service providers and security tech firms to educate the public about the risks, to provide solutions, and demonstrate how strengthening security does not impede the ease of use which make these devices so attractive to use.”

Related News

  • Interviews

    Key to BYOD

    by Mark Rowe

    Ronan Lavelle, CEO of Azurati writes about the BYOD boom: and argues that making it secure is key for your business. Irrespective…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing