Mobile phones is no more a luxury item, it has become a necessity. Look around and we see almost everyone carrying a mobile phone today. This all-in-one device acts as our bill payment gateway, storing valuable information, checking emails and also serves as an interface with our banks. However, these benefits does not come easy.
There is an increasing number of threats on mobile phones and therefore, securing the mobile device from hackers and unauthorised agents becomes a major concern.
According to the McAfee Mobile Security Report 2009, there has been an unprecedented growth in the number of mobile security threats in the recent years. The research shows the increase in the number of virus / spyware infections, voice or text spam attacks, third party application / content problems, loss of user data from devices and phishing attacks over a period of three years from 2006 – 08. Among all the threats, voice and text has recorded the highest number of attacks. Connecting to the world wide web is one of major causes of such security threats on our mobile phones. Therefore, any phone which has the capability of accessing the web and can download things from the Internet are at a higher risk of attracting viruses and other such security threats.
Kartik Shahani Regional Director, India and SAARC, McAfee
“In India there are a lot of mobile security solutions that are available, but no one is using them”
What is under Threat?
One might ask – what is under threat?
There are solutions for mobile encryption which will ensure that the confi dential information in your mobile phones is not misused. In other words, encryption is all about limiting the access to a mobile device through passwords. Market is fl ooded with variety of mobile phones ranging from low end, affordable ones to the high end sophisticated ones. Speaking to egov, Kartik Shahani, Regional Director – India and SAARC, McAfee, said “The security features also differ from one phone to another. A smart phone or a Personal Digital Assistants (PDAs) will have different security threats attached with them, while GSM or CDMA phones will have different security features attached”.
With the popularity of mobile phones among the masses and the number of value added services increasing day by day, the concerns over the security of mobile banking and payments becomes prime. Like the anti-virus softwares in our personal computers, protection of the mobile phones also becomes an area of concern. The McAfee report further says that “Today, service providers, banks, and PC manufacturers recommend the installation of personal protection products (often at no cost for the user.) But the situation is different in the mobile space. While mobile banking services are growing rapidly in developing countries, where other payment methods are rare, mobile devices continue to lack suffi cient protection features”.
SCENARIO IN INDIA
Anti-virus and other security features for mobile phones are available in the Indian market, but these are not popular among the people. There are a lot of reasons for the non-popularity of mobile security features in India. The most striking reason that one can count is the lack of awareness among the people. Moreover, there has not been any major mobile security issue that came up in India which can induce people to take mobile security on a serious note. Shahani further added that, “In India there are a lot of mobile security solutions that are available, but no one is using them. There are countries where mobile security is considered a must.
On the other hand, there are countries like India, who are aware of such mobile security solutions, but are not bothered as of now to acknowledge the fact as there has not been any major outbreak that can induce them to use such security features”. Therefore, one can say that mobile security is at a very nascent stage in India. Talking about the current mobile security scenario in India, Rajiv Chaddha, Vice President, Sales, VeriSign said, “When we are talking about 10 – 20 percent penetration in terms of applications, we are just talking about 8 – 10 million handsets. Yes it is right to say, that mobile security is at a nascent stage now, but appropriate steps has to be taken, before rolling out services to a much larger base”. Moreover, the current laws in India does not specifi cally talk about security angle in a detailed fashion. It only says – if one is caught sending spam mails, hacking emails or causing identity threats, one will be penalised.
TRANSACTION ON MOBILE PHONES
With the growing popularity of fi nancial transactions over mobile phones in India, there is an increasing threat of fi nancial losses, if security measures are not put in place at the right time. The above mentioned graph shows the areas of high concern in terms mobile security. It can be drawn from the fi gure that payments and banking are the major areas of concern. In the current scenario, mobile payments and mobile banking services are protected with only one level of security that is the user name and the password. “If someone is able to hack these two things there can be a lot of fi nancial losses” says Shahani. With the growing popularity of mobile phones in India and the various value additions that is happening, one has to check the additional layers of authentication as well. Second factor authentication is a thing that a lot of people are talking about. Also, one has to see what are the kind of passwords that are available – is it a direct password or a randomly generated one. A silver lining in the clouds is that, RBI is putting a regulation in place by August 2009, stipulating that any online transaction of more than INR 5000 through a credit card will have to be authenticated with a password.
On the other hand, a lot of manufacturers have plans for having an in-built security feature in the mobile phones. Chadha further said, “Operators in the current scenario is thinking about second hand authentication of transactions over the mobile phone”. The McAfee report also states that, “About 75 percent of the manufacturers prefer to include security technology as a preloaded and prepaid functionality or service on their devices, limiting user interaction and responsibility”.
Security of mobile phones though at an early stage will gain momentum and importance in the coming years to come. With the regular security features such as user name, passwords, encryption and second level of authentication, there is also a need for developing more sophisticated yet user friendly security features. Putting things in perspective, Shahani told, “Mobile viruses are maturing in the same life cycle as the personal computer viruses. PC viruses started off with cookies and other network viruses. Gradually, it became lethal with viruses attacking with the intention of fi nancial gain. In the mobile world also it came along the same way”. It is high time for us in India to pull up our socks before it is too late and address the mobile security issue in a more detailed and comprehensive way.