The pace of innovation is at no risk of slowing down, however the risk to the security posture of both organizations and individuals is also steadily increasing.
Mobile World Congress Americas (MWCA) 2017 just took place, with a plethora of current mobile products and solutions, and some tantalizing glimpses of future. The projections are for growth, growth, and more growth, either by equipping the mobile-less minority with mobile devices, or getting existing users to do even more with their mobiles, from controlling their toasters to managing networks of connected sensors.
The pace of innovation is at no risk of slowing down, however the risk to the security posture of both organizations and individuals is also steadily increasing. The question is: how safe will our mobile-powered future be? From the advent of 5G (the hottest topic of the conference), through wireless connectivity and the increase of IoT devices, to connected cars and smart cities, mobile and connected devices now drive our everyday activities in so many domains. But with more apps, more traffic, and more dependency, risks for security and privacy go up too.
The Highpoints and
- Rapid 4G growth. There is still plenty of capacity in 4G networks, and operators and app vendors are making the most of it. Most mobile apps are available only through the Google Play Store and Apple App Store, whose app vetting should filter out the bad actors and stop them from getting to download status. Unfortunately, neither Google’s nor Apple’s security checking procedures are 100% foolproof and there are security and privacy concerns with digital assistants and other “new generation” apps.
Security Risk 1: 4G is now 8 years old and has some inherent and lingering risks.
- Pathway to 5G. Faster and faster, shifting more data in less time than ever before, but what if 5G was simply an accelerator for getting hacked faster? The specification opens up the possibility for simultaneous connections for hundreds of thousands of wireless sensors, and we’re sure to see those sensors deployed in mission critical scenarios. Hacking a remote sensor to gain access to mobile platform will no doubt be a target of threat actors. Apps will need to be checked even more rigorously for security weaknesses and flaws, given the new app use cases for 5G.
Security Risk 2: More devices and deeper connectivity presents lateral security threats.
- IoT and 5G network architecture shift. Edge computing could mean local hacking that is never picked up by centralized cloud systems, not to mention the possibility of spoofing download addresses to trick users into installing bad versions of apps to control IoT devices. Fast, easily available app checking such as Mi3’s RECON will become even more important for these pockets of activity whose connections with the cloud mothership are scarce or even non-existent.
Security Risk 3: Introduction of IoT and edge computing offers new threat vectors for attackers.
- Convergence of telecoms and media. Amazon, Google, and others have shown how lucrative this convergence can be. Enterprises wanting to jump on bandwagon could be tempted to release apps too fast, skipping what they consider to be lengthy testing procedures (the solution is to use super-fast, automated, and highly effective security testing such as AppInterrogator).
Security Risk 4: Relentless release scheduled to meet demand mean limited time for testing.
- Increases in connected devices, machines, and places. Smart toasters, smart cars, smart cities, there is now truly an app for everything. However, from deliberately making somebody’s car crash to invading end-user privacy in urban areas, connectivity is unfortunately also the playground of cybercriminals, from the wanton hacker to the nation state saboteur.
Security Risk 5: Everything connected and always on means always vulnerable.
Progress is great, but we need to execute it responsibly, and not at the expense of personal privacy, security, or enterprise safety. Network operators, software vendors, and app developers must keep security in mind as they forge ahead to a blazingly fast and connected tomorrow, and ultimately leverage tools that can keep up with the pace of innovation. Try the RECON platform to see just how fast application security can be!