Related Stories

  • Mobile malware up 2,180% in 2012
    The rise of mobile malware is becoming an industry meme, and no wonder: As mobility starts to permeate every aspect of consumer and business lives, malware vectors are increasing.
  • Mobile wallets and m-banking: how secure are they?
    Mobile wallets, mobile payments and mobile banking – primarily based on increasingly powerful smartphones – are all expected to expand rapidly in 2012. ValidSoft and FSTech surveyed more than 100 CISO’s to find out what they think about mobile security.
  • Thales develops on-SIM mobile wallet authentication and encryption technology
    Thales has developed what it claims is the industry's first cryptographic technology capable of running in the memory of a cellular phone's SIM card, meaning that the secure m-wallet function can operate wholly on the SIM card, interacting with secure servers across cellular data channels.
  • Are mobile wallets secure enough to stop cybercriminals?
    Pan-European cellular giant Telefonica O2 has this week announced plans to launch a mobile wallet system using NFC (near field communications) technology, but a number of pundits are saying that, whilst the NFC technology is secure, mobile handsets are not.
  • Comment: Rogue Access Point Setups on Corporate Networks
    The latest in a series of wireless security articles from AirTight Networks’ Ajay Kumar Gupta examines rouge access point scenarios that could affect corporate networks (or any network for that matter).

Top 5 Stories


Data loss, Wi-Fi and NFC identified as top mobile security concerns

05 October 2012

Data loss is the biggest mobile security danger, reveals a new Cloud Security Alliance (CSA) report, but emerging concerns include rogue Wi-Fi access points and Near-Field Communications (NFC) exploitation.

A full 64% of respondents to the CSA’s global survey said that they believe that NFC and proximity-based hacking will happen in 2013. And 81% of respondents believe that insecure Wi-Fi and rogue access points are already happening today.

This is of particular concern as the proliferation of mobile devices consequently increases the use of and reliance on Wi-Fi networks.

“As we move further into an era where mobile computing is ubiquitous, we're seeing an entirely new threat landscape that involves newer concerns like lost devices and rogue marketplaces, but also a heightened level of concern over insecure public Wi-Fi as we rely more and more on access as we travel." said Dan Hubbard, CTO of OpenDNS.

And when it comes to NFC, penetration is still low, with its adoption largely confined to a few convenience store point-of-sale terminals that allow people to tap-to-pay with their phones. But the implications of using a mobile phone as a digital wallet for financial transactions is a revenue opportunity that everyone from Visa to AT&T are looking to tap, so to speak. Unfortunately, NFC brings up a whole new level of fear for many. NFC and proximity-based hacking thus rounded out the list of mobile security concerns.

Some are out in front addressing the issue before the technology is widely deployed, however. For instance, Australian banking giant ANZ has initiated its NFC contactless payment trial, and is looking to explore biometrics for enabling secure banking within its Banking on Australia initiative. And Apple, meanwhile, hot on the heels of its acquisition of fingerprint security vendor Authentec, is reportedly in talks with biosecurity firm Microlatch to include its fingerprint technology in future versions of the iPhone. Microlatch has a patented fingerprint recognition software that eliminates central processing or storage, which makes it an optimal technology to work with NFC securely.

In terms of the more real-world aspects of the report, data loss from lost, stolen or decommissioned devices unsurprisingly topped the list, followed by information-stealing mobile malware. But following these two headline-grabbing threat approaches are concerns about poorly written third-party applications opening up security holes; exploitable device vulnerabilities in the OS; insecure Wi-Fi; network access and rogue access points; insecure or rogue marketplaces; insufficient management tools, capabilities and access to APIs; and, while BYOD was not specifically mentioned in the list of the top threats, its presence is implied throughout.

“Personally owned mobile devices are increasingly being used to access employers’ systems and cloud-hosted data, both via browser-based and native mobile applications,” said John Yeoh, research analyst for the CSA. “This without a doubt is a tremendous concern for enterprises worldwide.”

The CSA noted that the survey merely scratches the surface, but that it “serves as an important first step in a larger effort by the CSA to provide industry guidance on where enterprises should place their resources and focus when it comes to addressing mobile security threats.”

“The results of the CSA Mobile Working Group survey are testament to the security threats that mobile devices introduce to the corporate network,” said Patrick Harding, CTO at CSA member Ping Identity. “With more and more enterprises adopting a BYOD model, it is critical that mobile devices adhere to the same corporate security policies as other devices and that proper identity and access management processes are put in place to ensure the security and integrity of the organization.


This article is featured in:
Biometrics  •  Cloud Computing  •  Data Loss  •  Encryption  •  Identity and Access Management  •  Industry News  •  Malware and Hardware Security  •  Security Training and Education  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×