Can Mobile Phone Security Keep Pace With The Capabilities Consumers Demand?
Mobile phones have evolved significantly over the last decade, from being mere communication devices to appliances that are expected to simplify everything we do. To quote an old Doors song, We want the world, and we want it NOW! Designers and app developers have been more than eager to fulfill our demands, too, knowing that whoever offers the greatest array of capabilities will dominate the market (and make the most money).
With our mobile phones, we can communicate in any number of formats, keep track of our travels and finances, monitor our own and our families and employees movements, and even control essential systems in our homes and businesses. Many utility companies, such as British Gas, are offering customers apps to provide them with greater control over home and business energy usage, and some municipal water supplies and power distribution systems have implemented proprietary apps with which they can more efficiently manage their systems.
Are we broadcasting too much information about ourselves?
Along with that added convenience and efficiency, however, comes increased vulnerability to intrusion and abuse by outside entities, from juvenile pranksters to criminals and even terrorist groups. We naturally are concerned with the security of our banking and credit card apps, but how many of us give thought to something as seemingly insignificant to others as the app we use to regulate the temperature in our homes and businesses, or the apps we use to keep track of family members or employees? If access to such information were to become available to criminals, for example, they would be provided with the times when we were usually away from our homes, or, in the case of GPS tracking apps, our exact location at any given time. It doesn’t require a particular stretch of the imagination to recognize how such information could be used.
Security is getting better, but it is still not foolproof.
There have been many strides in the way we secure the information on our mobile phones, as well as the information we access with the devices. Fingerprint recognition seems like a great alternative to passwords, and along with other types of biometric security measures, is highly favored by young users who utilize many apps and suffer from password overload. Unfortunately, truly effective fingerprint or retina scanning requires a scanner whose resolution is much higher than can be readily included in a device that fits in ones pocket. Hand position or ear scanning is being actively pursued as an alternative, but will likely not be available for some time yet.
There is even research being done on miniaturized DNA scanners as a potential replacement for alphanumeric passwords, but the technology for such a system is also far from being ready for market. In addition, there is a general distrust of any system that collects such personalized information, likely a product of the dramatic increase in personal information being gathered since the World Trade Center attacks of September 11, 2001.
What holds the greatest promise for increased mobile phone security in the near future?
Up to now, the primary focus of mobile phone security has been to prevent access to the phone operating system or the code running the installed apps. That security has been based upon encrypting the access information (password) and the data being sent to and from the phone. The biggest drawback to such virtualization has been that the process of encrypting and then decrypting the data has thus far been handled by third-party software on a remote server. And as we’ve too frequently observed, hackers have been able to get inside the server code, giving them ready access to the data in every phone that uses that server for encryption /decryption. A promising new approach is the storing of randomly-generated encryption/decryption code on a small chip within the phone itself.
Generating random encryption algorithms within the phone would eliminate the weak link of requiring a separate server, while at the same time decreasing the potential volume and value of data that would be accessible once the server’s security is compromised. And since the onboard algorithm would be randomly generated, the potential for hacking into it would be greatly diminished.
Shortcomings in current security measures notwithstanding, the intense efforts to heighten mobile phone security have definitely had a positive effect. Hackers have to work much harder than they used to in their attempts to grab users data. Furthermore, as security continues to improve, physical thefts of mobile phones have decreased markedly, by as much as 50% within London, according to the Mayor’s office. As detailed in an article on the MobilePhoneDeals.uk website, by combining more effective technologies with common sense user practices, mobile phones can continue to further enhance users experiences, while significantly diminishing the potential for data abuse and theft. The hackers and thieves will always be there, but we are consistently making their job more difficult, and the payoff less enticing.