|Africa and the Middle East 2009
|Mobile security in the Middle East
|Chief Marketing Officer
Jay Seaton is the CMO at Airwide Solutions; his experience covers all aspects of global corporate and product marketing, channel and business development for software, services, networking, telecom and application development segments. Prior to Airwide Solutions, Mr Seaton served as CMO for GlassHouse Technologies, a leader in storage services. Mr Seaton served previously as Vice President of Global Marketing for NaviSite, and was part of the team that grew NaviSite from startup. Mr Seaton’s experience also includes senior marketing and sales roles with Sockeye Networks, Banyan Systems, DAVID Systems and AT&T. Mr Seaton is a past member of the Board of Directors of the Association of Internet Professionals. Jay Seaton is a graduate of St Anslem’s University.
The growing use of smartphones and advanced mobile applications has brought a wealth of benefits to users throughout the world including the Middle East. However, as mobile operators push to capitalise on these benefits they open the doors to a variety of mobile security risks posed by mobile spam, viruses and a wide variety of frauds, that threaten the continued growth of the mobile application and services market, but also significantly, and negatively, affect operator costs and the subscriber experience.
In less than 12 months, the Apple App Store has revolutionised the global mobile industry. It has helped usher in a new wave of applications and services which combined with the greater availability of open mobile networks, lower mobile data costs and an increasingly diverse variety of smartphones has helped fuel mobile data revenue growth worldwide. However, as mobile operators look to capitalize on the rise of mobile apps and services, they should also consider the increasing risks posed by mobile spam, viruses and fraud – ones which not only threaten the adoption of mobile apps and services but also significantly impact upon operator costs and the subscriber experience. Nowhere is this more important than in the developing markets of the Middle East and Africa where according to statistics from Juniper Research, mobile revenues are likely to hit more than €107 billion by 2013. As the region’s mobile market grows, it is paramount that operators identify and combat the increasingly sophisticated array of security threats that have started to emerge on their networks. Some of these threats have been publicly discussed. In only a few months, for example, one of the regions largest mobile operators Etisalat has been hit by at least two mobile scams, both of which threatened the privacy and security of its subscribers. The first, which originated in Pakistan, was run by ‘fraudsters’ who rang mobile subscribers to obtain personal information by claiming they had won ‘cash prizes’. The second affected the operator’s Internet Mail (EIM) users and asked them to change account passwords. There are more examples emerging every week, but these two cases show that while many operators do voluntarily police potential fraudsters, the new wave in more sophisticated attacks shows the need to ensure the network security solutions offer a comprehensive range of features to combat the multiple forms of abuse that exist. Traditional approaches of just shutting off other carriers that are sending spam no longer is a practical solution. Looking at the Middle East specifically, help is at hand. Not only is there regulatory support via a protection model which has emerged to offer consumers and corporations the choice of security and individual screening services, but mobile security specialists can now help operators protect subscribers in more efficient ways than ever before. To deal with risks such as theft and fraud, operators can implement Equipment Identity Registers (EIRs) so that they can wipe a phone and lock it to prevent the data from being used fraudulently. In addition, operators can monitor and control malicious or harmful SMS traffic using anti-spam, spoof, fake and fraud products which include the following features: • Source validation which ensures that subscribers receive messages only from partner networks with which the home network has an agreement and that messages from non-trusted networks are subject to the highest scrutiny; • Parameter validation which ensures that messages in which address information has been falsified (spoof and fake) are not accepted into the network; • Flooding control which protects the network resources, maintaining service quality; • OTA (over the air) blocking which ensures that binary messages that reprogram mobile handsets or subscriber SIM cards can only be sent from authorized sources; • Virus-download prevention which protects the growing numbers of smart phones; and • Content scanning which detects patterns in the text content of a message indicating when it consists of unwanted advertising, offensive content, and enticements to call premium numbers or other financial scams For MMS (Multimedia Messaging Service), a different set of functionality is required. By using a next-generation messaging gateway, operators can track and log unusual messaging traffic patterns that could tip them off early to a malicious attack via MMS. Powerful reporting tools detail traffic logs over a configurable period of time and also offer search capabilities that would give easy access to logs over a certain period of time and to and from certain mobile numbers. Once the threats are uncovered and identified, a filter can intercept any virus-infected MMS. This prevents further damage and eliminates the virus’ ability to spontaneously replicate itself in the network. It is daunting for an operator to envision the damage to their brand and subscriber base that can occur with just one malicious attack or adult content message sent to a subscriber’s child. Although many operators are implementing policy management services to cope with the threats, not enough is being done to ensure those policy management services are comprehensive enough to deal with emerging, more sophisticated, mobile security risks. In the corporate world, businesses are starting to recognise that the mobile device – either a smart phone or a laptop with a data card installed – is essentially an extension of an employee’s workplace. Therefore, they need to address the liabilities they have as employers to protect their workers’ and their own data. In order to abide by anti-harassment legislation and acceptable-use policies, corporations must control access to data on mobile devices and to whom it is distributed. However, it is not simply a case of selling security to a corporation as a bolt-on service. When offering security, the operator’s focus should be on providing the ability to control what an employee can and cannot do on a day-to-day basis and make what employees use their 3G data cards and dongles for visible. Enforcing acceptable use policies – controlling which sites can be visited and how much data can be downloaded – gives businesses a granular level of control and prevents misuse. For small businesses without IT departments or enterprise-grade applications, there is a particular need for them to rely on the protection that an operator or carrier provides. Most operators attack fraudulent activities from a few major points in the messaging chain: • Value-added service providers (VASPs): when mobile operators have better control over VASPs, they can ensure that they respect service-level agreements and use mobile infrastructure within predefined boundaries ; • The mobile operators infrastructure: Traffic control to detect abnormal patterns, message checks to confirm legitimate senders, content filtering, and message blocking are some of the tools offered to mobile operators that can help identify and control fraudulent activity; and • Subscribers: Many mobile operators can share spam control with their subscribers by providing solutions to black-list certain phone numbers and block messages coming from these phones. As previously mentioned, many operators are now implementing anti-spam solutions at the mobile network level to help keep malicious traffic from making it to the subscriber’s handset. In addition, many operators are beginning to implement personalized applications to help small businesses and interested consumers take even further steps to protect themselves from malware and spyware distributed via SMS or MMS Spam. Some of these personalized applications allow the handset user to configure their own personal spam filters or message blocking settings right at the handset, offering an additional and more granular level of protection. They can set these filters to block SMS from certain addresses or to block messages sent on the Internet. In addition to affording protection from damaging spam, these personalized applications can also let subscribers back-up and archive their information on the network. In the event that a subscriber’s data is compromised due to a malicious attack, all of the information stored on the phone was backed up and archived via the network so the user could restore it as soon as the handset has been secured or a new one obtained. Looking to the future, it is clear that mobile security is a threat that must be addressed. As mobile phones become the link between credit card computing platform and your wallet, they create a commercial driver for making money out of spam and viruses. Networks provide a number of separate services, such as voice, messaging, data and the like, and all these services are equally at risk unless operators deploy mobile security solutions to protect their full range of services and the increasingly broad range of devices subscribers use to access the network. Operators need to protect their existing infrastructure and subscribers, and proactively manage spam, spoof, fraud and other malicious traffic to avoid an explosion of customer care costs resulting from damages caused by malicious traffic. In addition, they can market these mobile security services to users and generate new revenues. If left unchecked, the threats posed to subscriber protection, usage control and mobile malware could prevent the growth of mobile data, mobile advertising and mobile content. In fast growing regions such as the Middle East, mobile operators have an opportunity to take an early lead in the race for market share by offering high-grade security solutions to their subscribers.