Use this title slide only with an image

Does The Future of Mobile Security Lie in the Past?

Mary Landesman, Senior Security Researcher, Cloudmark

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 2Public

Does The Future of Mobile Security Lie in the Past?

The nature of malware and the entire computer attack spectrum has changed dramatically over the past decade.

Originally designed to be disruptive to the computer, today’s malware is no longer the end game, but rather a tool that serves as a means to a new end: criminal profiteering.

With that evolution, social manipulation has become a key facilitator in modern attacks, and messaging is the obvious medium through which it is affected.

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 3Public

Open For Attack

The always-on/always-carried nature of mobile devices enhances the potential for social manipulation.

Attacks succeed because they foster a sense of urgency. Mobile device users may be more distracted while checking or receiving messages. A recipient may act more hastily and open messages on their mobile device without thinking about the risk first.

The combination of digital criminal profiteering and mobile adoption may well be the perfect storm. Not only does widespread mobile adoption provide a steady and increasing supply of potential new victims; mobile devices are also proving to be cost effective attack tools.

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 4Public

Spam Goes Mobile

A mobile attack may simply trick the recipient into agreeing to send premium rate SMS messages. This results in expensive and unexpected charges to the victim, allowing the attacker to profit.

Social engineering factors heavily in scam and fraud campaigns and, as a result, the exact pitch, or hook, used by the scammer varies by geographical region.

Text messages are a powerful vehicle for reaching people. Currently, SMS marketers claim SMS message open rates are higher than 90 percent and opened within 15 minutes of receipt.

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 5Public

Fighting Back

Mobile devices have already proven to be favourable and cost effective, both as an attack tool and as an attack target, with social manipulation playing a key role. Further, the ease of disposal and/or replacement of mobile devices will naturally hamper law enforcement efforts and make it more difficult to thwart attacks.

Hopefully, we can all learn from past mistakes. Central to the success of traditional computer attacks was a failure to recognise or act on early indications that malware had turned to profit. Criminal attacks on mobile devices are following an accelerated path leading in the same direction.

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 6Public

Read More

Read more articles on similar topics, download the guide here:

Mobile Operator Guide

Want to add your thoughts to the article? Access the complete article and contribute:

SAP Mobile Services Community

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 7Public

© 2015 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.