The world’s largest mobile innovation forum, “Super Mobility Week”, is being held in Las Vegas. We were there to participate and moderate a panel on mobile and cloud cyber-security with speakers from Verizon, Samsung, and Ericsson Mobile.
The event maintains an impressive vendor floor and multiple stages for discussions and panels throughout the days. The floor hosts vendors presenting their newest products, including wearables and other IoT. Yesterday’s afternoon keynotes brought a switch from the planned speaker, Twitter’s CEO, to their “President of Global Revenue” Mark Bain, who spoke about both their technology push onto wearables and IoT, and gave a glimpse into their data mining capabilities derived from their Gnip acquisition. It’s notable that he didn’t mention anything about security or privacy. Two-factor authentication is ancient history for them, while Apple and their customers unfortunately continue to learn the hard way that some inconvenience is a small tradeoff for privacy and security.
Microsoft also keynoted, bringing their EVP of Devices Group onstage to discuss their push into mobile-to-cloud technologies with Nokia devices and “Cloud OS”. Again, no mention of security baked into these technologies, although we haven’t seen any recent naked celebrity photo theft from the Microsoft cloud.
My panel’s discussion wove mainly in and out of enterprise-wide security challenges to BYOD and cloud adoption, along with recent and relevant threats that we noted:
1. The recent Apple iCloud mess revealed several things:
- Apple provided password and knowledge-based authentication services that enabled social engineering and brute-force attacks, and dismissed 2FA (until now). On cloud service authentication security, Apple “led from behind”.
- Apple’s cloud security enabled brute forcing of both AppleIDs and iCloud passwords.
- In general, mobile-to-cloud customers have no idea where their data resides, whether or how much of it flows off their mobile device, how many organizations have access to it, or how well it is secured.
2. Mobile malware volumes continue to surge – our mobile malware collection now includes almost half a million samples. Digging deeper, in 2013, we saw around 600 mobile banking trojans and now our malware collection maintains around 8,500 banker variants specifically supporting financial cybercrime.
3. Wi-Fi and SSL insecurities, as implemented in and used by mobile technologies, are on the increase and will likely continue to be.
4. Targeted attackers express interest in an expanded set of technologies, including various mobile devices targeted by the Rocra, LuckyCat and Chuli attackers.
The event lasts from September 9th to the 11th.