Three Key Security Takeaways from MWC 2015
This is a guest post from Emma Ban at Bitdefender. The original post appears at their website here.
This year’s Mobile World Congress (MWC15) was the biggest yet. With over ninety three thousand attendees from two hundred countries and speakers from all industries touched by the mobile market, the event was abuzz with mobile innovations. But, mind you, the show’s major theme has evolved since its first edition ten years ago. It’s not just about ‘mobile’ anymore. It’s about mobility and all the connected devices that make up the Internet of Things. And we could clearly see a number of trends shaping.
In this article, we’ll look at four emerging mobility/IoT trends and key security takeaways.
Wearables in the Enterprise
Wearables were everywhere at this year’s MWC. Not only big established companies like Huawei, HTC, LG, Sony, and Motorola launched smartwatches, smart glasses, headsets, and even wearables for dogs, but also smaller manufacturers. However, even before the show, it was pretty clear that the wearable market would take great proportions in the years to come… in the consumer segment. What’s also become clear during the MWC is the wearable adoption by enterprises.
“We are now shifting the business process of our enterprise customers to adopt wearables,”
said Jurgen Winandi, Head of Augmented Reality Integration at Swisscom AG during an interview at MWC15. And according to Winandi, it’s just a matter of building the business case for the enterprise management.
This business case, however, will inevitably touch upon a company’s BYOD policies. With the amount of data – from location to health data and other personal information – gathered by wearables, it is imperative that companies do a thorough risk assessment of these devices before allowing them to get connected to company networks, and educate employees about the risks.
A recent Bitdefender survey conducted among US employees on the BYOD topic revealed that half of them store work-related data on their personal mobile device(s), 40% have nothing in place to prevent unauthorized access to their mobile device, and two-thirds either don’t know about the remote wipe capabilities in their device, or they haven’t activated it.
Startups focusing on mobile
Among the many small manufacturers exhibiting at MWC15, we could see hundreds of startups presenting their mobile innovations. While this demonstrates how dynamic the mobile market is, it also brings into question how “secure” these innovations are. With most new startups, there seems to be a pattern in how they look at the security side of their cool technologies and offerings:
- They start out with a limited budget and need to gain user adoption fairly quickly. So their focus is on ease-of-use and cost, not security.
- White-hat hackers / security researchers start investigating the security capabilities of these products, and, more often than not, they find security flaws.
- As the products gain user adoption, the bad guys also become more interested in exploiting the vulnerabilities in them.
- Only at this point, these companies start patching security into their products and paying more attention to it.
Granted, this happens to most startups, not all. Some of them are focused on security from the get-go, and not only that, but they actually propose some very interesting security solutions for mobile devices. An example here would be CUPP Computing; at MWC15, the company demonstrated its innovative solution for mobile systems that uses a microSD card to secure a mobile device. All traffic is routed through this microSD, and filtered by many security layers, including Bitdefender antimalware technology. It’s similar to a UTM appliance, but for mobile.
The expansion of the smart home ecosystem
Smart home automation systems are nothing new. But manufacturers are bringing to light more new devices and appliances that can connect to a home system. At this year’s MWC we saw some interesting concepts like the Bluetooth toothbrush, and even smart furniture that charges your phone wirelessly – courtesy of IKEA. And we even saw how an AT&T home system can be accessed from a car. Just imagine being able use your car to switch your Nest thermostat to home mode on your way home. Pretty convenient, right? However, looking at the recent security flaw discovered in BMW smart cars, this scenario may turn pretty gloomy – security flaws in car systems or even home systems may allow a hacker to control your home locks and vice versa. The BMW example is just one example that raises a flag with regards to how much security is integrated into these innovative systems from the get-go and how secure their internet connection is.
Connected autonomous cars
Volvo, Maserati, Renault-Nissan are just some of the automakers that showed their smart connected cars at the MWC15, many of them announcing the development of driverless cars. Again, one could see the advantages of owning such a car, but – speaking of gloomy scenarios – a hacker could work out a way to break into the car system, and potentially turn off the brakes, change the navigation or shut down the car completely while driving places. This is when a security breach can really become dangerous.
Now, in all fairness, IoT security was also a major theme at the event. And there seems to be agreement in the industry that we need to move from the traditional mindset of locking the device, encrypting it and adding more perimeter security, to one focused on application security, user education and risk management. We may add: security at every connectivity level is a must, so that if/when a hacker manages to break one layer, they cannot seamlessly access an entire network. But that requires better collaboration between manufacturers whose products become more interconnected.
Key security takeaways
The show’s shift in focus from mobile phones to the mobility is only a reflection of today’s connected life. And device manufacturers bear the responsibility to take the security and privacy aspects into consideration when building their devices. At the same time, companies looking or planning to employ these new mobile technologies, should be wary of the risks they pose.
So what are the key security takeaways from this year’s Mobile World Congress?
- With the advent of wearables in the enterprise, the revision of BYOD policies and employee continuous education about BYOD risks become imperative.
- These innovations need to be produced with security in mind from design stages.
- Application security, risk management and industry collaboration are imperative.
Thu Mar 19
This is a guest post from Emma Ban at Bitdefender. The original post appears at their website here. 3 Key…by
Tue Mar 17
The following was released by the prpl Foundation prpl Foundation Announces Formation of Security Working Group to Define Open Framework…by
Tue Mar 03
BARCELONA, March 2, 2015 — CUPP Computing will demonstrate its innovative Mobile Security Engine™ (MSE) technology at Mobile World Congress…by
Sun Mar 01
A version of this article appears at Embedded. It’s a depressing time in enterprise security right now. Hacks of customer data…by
Sat Feb 28
A version of this article appears at IEEE’sComputing Now blog. It’s easy to get frustrated with the security problems we all face…by
Fri Feb 27
A version of this article appears at EE Catalog. NPR and Ars Technica, working with Pwnie Express, recently cooperated on an…by