Mobile exploits aren’t yet widespread; inherent security protections built into mobile devices, operating systems and networks have thus far largely deterred malware that gets secretly downloaded to mobile devices. But mobile users are still subjected to socially engineered attacks like phishing, and technologies (like QR codes) expose them in new ways.
Criminals always follow the money, and with growth in mobile broadband at the base of the power curve and billions of devices forecast to be navigating the web, there is little doubt that tremendous energy will be expended on targeting mobile devices. They will become prime targets, especially since people are already comfortable banking and executing other kinds of transactions from their smartphones.
Mobile network operators face different challenges than their fixed network counterparts. Although mobile devices like tablets and smartphones have become extraordinarily powerful, they still have processor and memory constraints compared to even modest laptop computers. In this kind of environment, traditional security solutions (like client software) introduce trade-offs. Mobile users won’t be happy if security software noticeably impairs the performance of their devices, especially if they’re depending on them for directions or information while they’re on the go.
Using precious bandwidth to ship security software updates is also unlikely to appeal to either network operators or mobile users. For network operators, aggregate bandwidth consumption for updates will be substantial, and there is a real cost associated with its use. Users like the idea of security, but if the practical reality means waiting for an update rather than surfing to find the nearest restaurant, they’ll always prefer the latter and will quickly tire of intrusions that interrupt their routines.
There are other, more subtle issues with mobile. Mobile devices in general offer less opportunity to provide context and cues that alert users to security threats. Smaller screens introduce unique human-factors challenges. With less display area, there’s a reflexive tendency to scroll to where the action is on the screen, and even experienced users may miss important cues indicating a security threat, for instance by quickly scrolling below the address bar in a browser window.
Just as criminals depend on networks to launch their exploits, they also depend on the network to harvest their gains: they need phishing sites to gather valuable personal information, drop-off sites for malware to upload personal information and, in the future, command and control for botnets. These telltale signs reveal their presence.
Mobile network operators have a unique opportunity to address these issues. Enabling a layer of security protections in the network is an obvious alternative to traditional approaches. Network-based protections take the burden off mobile devices and eliminate the need to continually update what will rapidly grow to be billions of devices.
Leveraging the DNS as a network-based security solution offers even more benefits, as discussed in these posts: Strategic Vantage Point, The Power of the Control Plane, Advantage DNS. Most importantly, it allows network operators to demonstrate an active commitment to protecting their customers – enhancing their safety online and improving their overall Internet experience. This will increase customers’ affinity for the base service and make them more receptive to other offers.