Wednesday, 26 October 2011

Mobile Phone Theft

I was chatting to mobile security expert @drogersuk yesterday and today, on the subject of mobile phone theft, about mobile phones that are stolen dialling premium rate numbers out in Afghan and India, and the real owner of the phone being charged several thousand dollars/pounds for calls they didn't make, so figured I'd make a blog post on my thoughts on this, how can this issue be resolved? is it an unsolvable problem?

Nothing is really "unsolvable" per se, but the steps I think are needed to combat this problem aren't small by any means. It's a two sided issue, on behalf of network providers and the end user.

Are we looking at a social issue rather than a technological one? Does new technology such as NFC and basing our lives in the cloud increase the risk of theft? Would the introduction of biometrics on phones put us as users at more of a risk than if we didn’t have it?

Technically - yes. Technology continues to evolve, people put more and more risk into the cloud, personal data, even as far as putting their life into the cloud and when their phone is stolen - their life is screwed.

Not too sure on the biometric thing right now, we need more time to see how the whole facial recognition unlock screen works out in Ice Cream Sandwich - personally it's a good idea, so only 1 person can unlock it but whether it will have that effect remains to be seen.

So what can network providers do?

Surely to god making a deal/partnership with a decent antivirus company like Lookout or BitDefender to offer customers to have protection software pre-installed on phones would be a good thing for the security community (although would that fall under the anti-competition issue MS is suffering with W8?)

As others have noted and pointed out, network providers need to start blocking calls to premium numbers if they notice them, I mean someone calling a number that everyone knows is going to charge a hell of a lot of money can't be normal right? or at least block them and contact the real owner via another contact number, home landline or something along those lines? Just like the malware on PC issue, it's a constant game of cat and mouse but it's better than nothing.

What can the end user do?

Be responsible! this applies more to adults than younger kids who have phones but my point remains. All the information about mobile phone security/safety and mobile phone theft and the risks involved is out there - they just have to search for it!

Sadly I still see people not treating their smartphone like any normal computer, antivirus, passwords, etc. To the very least - install antivirus - at least if people who do use the cloud can then access their phone remotely, lock/wipe it before ANYONE has a chance to use it - then phone their provider and ask them to cancel the SIM/contract so it can't be used to call premium numbers.

No comments:

Post a Comment