Social media and mobile security

A few Fridays ago I was down at the London headquarters of the Press Association (PA). Some of the editors of Epigram were lucky enough to get invited down there to have a tour and get some training from their professionals. It was great.

The whole day was aimed at people who wanted to be journalists, and so the PA’s director of training Tony Johnston spent some time talking about what the future might hold for those people reporting the news.

It’s all about social media. That was his message. And he showed this video to illustrate how serious he thinks social media is going to get soon. Watch it, and I guarantee you’ll feel hyped!

This year is (apparently) the year when social media really comes into its own with the launch of new tablets, which are more adaptable than the Apple iPad. I’m thinking of things like the Motorola Xoom which use open-source software. As these tablets become more affordable Tony expected that news companies will begin to create  specially designed tablet content for readers to sign up to.  This will give rise to a bewildering array of choice, but if these feeds are compiled into personalised magazines and newspapers it could make reading news a much more enjoyable experience. Eventually, one can envisage a business model where we all have tablets (not just uber groovy Apple scenesters) because news corporations buy them for us, then use them to sell us their news products. Actually, I think this sounds pretty good.

However, one thing crossed my mind during Tony’s talk and has kind of stuck there ever since. The more we start to conduct our lives online the more of our information is available for unscrupulous people to take advantage of.

Already rogue apps have begun to appear in smartphone software. Because of the open source code used for writing most of these programs, anyone can write an app and put on the marketplace. This leaves the system quite vulnerable to malicious software (malware), and indeed google recently had to remotely delete around 50 malicious apps which had made their way into users Android devices. Most companies vet the apps in their marketplaces of course, so this is an avoidable risk.

More overt hacking might be difficult to prevent. NewScientist recently reported that it’s startlingly easy to hack directly into mobile devices using signals from fake base stations, and there is currently very little defence from such an attack. The idea, demonstrated by the specialists at Spanish mobile security company Taddong uses a fake base station, that is, a central station through which nearby GPS signals are relayed. Mobile devices  have to verify themselves when communicating with bases stations, but the base stations don’t have to return the favour, making it easy (if you know how) to set up a pirate version. Once the fake station is connected to the phone it can do all sorts of clever things, like send and receive texts (without notifying the user) and of course, any websites the phone visits can be intercepted and viewed.

All you need is a fair bit of technical knowledge and the £10,000 or so that it requires to set up a fake base station. OK, so although this is costly and technically challenging unless you know how, it’s not hard to imagine people doing it, especially if it becomes normal for us to check our internet banking, email and other valuable information whilst out and about with our tablets.

It might not be impossible for device operators to sharpen up security a little.  But worryingly, even the relatively easy to solve security issues which exist right now seem unimportant to them.

I checked out Taddong’s blog and came across a piece of mini research they’ve conducted into call encryption. All data, not just calls, which comes in and out of phones may or may not be encrypted for security. By law, service providers don’t have to encrypt calls and they don’t have to notify whether calls are encrypted or not; but industry standards recommend that they do.

Taddong’s research shows that the popular iPhone 3G never tells the user whether their call is encrypted or not, and there’s often not even a way to find out. This is  also true of my HTC windows phone.

So I am left wondering whether the huge advantages of mobile media devices, complete with mind-blowing social media-driven features, will be so enticing that we will not stop to ask how secure our data connections are. I’m massively keen on getting an Android tablet, but perhaps now I’ll be thinking just a little more carefully about it’s security features before signing the contract.

Advertisements
This entry was posted in Technology. Bookmark the permalink.

2 Responses to Social media and mobile security

  1. Mother in law says:

    Having suspended my Facebook account recently, I wonder about the wisdom and safety of sending all types of message to large numbers. Will the world become homogenised – a massive impersonal village, losing cultural differences, losing privacy, missing out on the honour of an individual message to another individual? Will Big Brother be watching us?
    Will these communication revolutions break up real live communities and give us a touch-free virtual existence?
    As I am between 55 and 65 – am I to go forwards or backwards? I suppose forwards is the only way to keep in touch with the younger generation.
    I like abusing my 2nd hand paperback over lunch bending back the cover so I can hold my fork and not worry about dropping gravy on it, or having it stolen. I will open up Facebook again I expect but I will ration my time looking at it.
    Very thought provoking. Thanks.

  2. Pingback: A few words from David Perez | Bench TwentyOne

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s