There has been much discussion on the security risks that mobile phones pose – from malware targeted specifically at stealing information residing on smartphones, to the new era of BYOD and the challenges of securing the explosion of new devices that have entered the workplace.
However, there’s another side to this picture, where mobile devices have an important role to play in enhancing security, providing an extra layer of protection for services such as online banking, physical access to buildings and authenticating the user to access PCs.
Today, smartphones have an important role to play in security, and their core features and design could drive future innovations using biometrics and GPS to strengthen security for both consumers and within enterprises. What are the advantages of the mobile phone as a security enabler and how will the mobile device become an essential tool in enhancing consumer and enterprise security?
Striking the balance
As with any security measure, there is a balance to strike between ease of use and providing a high level of protection against threats. However, security can often become an onerous task and, all too often, if it is too difficult, people will find ways around it. The key to protecting personal or corporate data is to have strong, seamless and easy-to-use security measures in place, and the mobile device is a prime candidate to provide exactly that.
The mobile has become an integral part of people’s lives, and for most of us, carrying it around at all times is not unusual, which makes it such an appealing option as a security device. Other forms of security such as the traditional hardware token have not offered the same convenience, requiring users to carry an additional physical device at all times which can be easily forgotten or misplaced.
This has meant that users have been resistant to this technology, but by integrating a soft token into a mobile device, users can be protected and authenticated in every activity on that device, often without them even knowing.
In terms of security, the hard token is effective against password theft and traditional forms of security hacks, e.g. the PlayStation or LinkedIn breaches, where users’ passwords were compromised. However, hard tokens are easily defeated by more advanced types of criminal activity such as Man in the Browser attacks, whereas mobiles can offer an additional layer of defence, which can help to defeat this threat.
An extra layer of defence
Today, most people enter financial information or make some kind of financial transaction on their PC. However, traditional methods of security such as hard tokens and card readers have been somewhat unwelcome to users because of their poor usability. Currently, UK shoppers abandon over £1 billion of online sales due to inefficient identity measures, so it is clear that online payment security needs to be modernised and to become more user-friendly. The key to strong authentication security is to adopt a layered approach, and the mobile can provide this additional layer.
Financial transactions can be verified using a mobile device via SMS – or even better through a native smartphone application – and, unlike the card reader, the mobile method is simple and user-friendly and could help strengthen security. However, mobiles do not only provide greater usability; they are also more resistant to sophisticated attacks such as Man in the Browser malware.
PC browsers have been around for over 10 years and have a ubiquitous footprint on the desktop, so the PC cyber threat is more mature and lucrative for criminals. Most mobiles have dedicated applications for financial transactions, so not only would a criminal have to crack the mobile browser, but they would also have to hack into the dedicated application and reverse engineer it, which would take a lot of time and effort for what could be a very small financial gain. For criminals, it’s all about return on investment, so an attack of this kind on an individual is highly unlikely.
What makes the innovations of the mobile device so exciting are the possibilities that it opens up for consumers and enterprises. The mobile has built-in features such as the camera, geo-location and voice channel, which offer huge potential for strengthening security. We are already starting to see big players such as Apple, which recently announced its partnership with AuthenTec, exploring the possibilities of using biometric technologies such as fingerprint scanners and voice recognition to authenticate mobile payments and users’ identities.
Geo-location is already being used for satellite navigation and, in some cases, for tracking stolen devices. However, this function can also help to identify potentially fraudulent activities by comparing the location of the transaction to the location of the device – in a similar way that your bank may query, or even block you from using, your bank card in a foreign location.
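The location comparison described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the `Fix` structure, the `assess` function, the distance and speed thresholds and all coordinates are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

EARTH_RADIUS_KM = 6371.0

@dataclass
class Fix:
    """A location estimate (hypothetical structure for this example)."""
    lat: float
    lon: float
    accuracy_km: float   # uncertainty radius reported with the estimate
    timestamp: int       # Unix seconds

def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat = p2 - p1
    dlon = math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def assess(txn: Fix, device: Optional[Fix],
           max_km: float = 50.0, max_speed_kmh: float = 900.0) -> str:
    """Return 'allow', 'query' or 'block' (thresholds are assumptions)."""
    if device is None:
        return "query"                      # no device location: cannot decide
    # Subtract both uncertainty radii so imprecise estimates do not cause false alarms.
    gap = max(0.0, haversine_km(txn, device) - txn.accuracy_km - device.accuracy_km)
    if gap <= max_km:
        return "allow"
    # A stale device fix may simply mean the owner has travelled since then.
    hours = abs(txn.timestamp - device.timestamp) / 3600
    if gap <= hours * max_speed_kmh:
        return "query"
    return "block"                          # device could not have covered the gap

# Constructed sample data: transactions located by a coarse estimate
# (25 km radius) and device fixes from the phone's GPS (50 m radius).
T0 = 1_700_000_000
txn_paris = Fix(48.8566, 2.3522, 25.0, T0)
txn_london = Fix(51.5074, -0.1278, 25.0, T0)
phone_london_now = Fix(51.5200, -0.1200, 0.05, T0 - 60)
phone_london_old = Fix(51.5200, -0.1200, 0.05, T0 - 2 * 3600)

if __name__ == "__main__":
    for name, dev in [("fresh", phone_london_now), ("2h old", phone_london_old), ("none", None)]:
        print(name, assess(txn_paris, dev))
    print("same city", assess(txn_london, phone_london_now))
```

A missing or stale device fix yields "query" rather than "block", so a phone that is switched off or has been carried on a flight leads to a challenge instead of a declined payment.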
The mobile revolution is driving new possibilities in enhancing security to suit our lifestyle and behaviour, with convenience at its core, and it is also driving many beneficial uses within the enterprise. In my opinion, certainly over the next decade, the mobile device will become the leading authentication method.
As innovative software vendors — with a mission to provide secure, convenient and cost-effective solutions — forge ahead, we will see mobile-based security solutions that will extend to many new facets of our lives. This evolution will replace not only passwords, but also physical security devices such as access cards, keys and even travel documentation.