Are Mobile Messaging Apps and Social Media Putting you at Risk?

Mobile Usage Continues to Shift Away from Voice

Mobile usage has continued to shift away from carrier voice calls and towards use of text messaging and communication through social media (Twitter, Facebook, etc.).   While offering convenience, these new forms of messaging may pose greater security risks to consumers and enterprise customers.

Mobile has been taking the place of fixed/land-line calls for a few years; however, research also points to a slowdown in mobile calls.  In July 2012, Ofcom showed a 1% drop in mobile voice calls in the UK – a first ever drop in mobile voice.  Similar trends are seen in the US.  Following these trends, carriers like Verizon have started to eliminate tiered voice plans and have shifted focus to charging for tiered data services.  Notably missing from these new plans – such as Verizon’s Share Everything – is an unlimited data plan.  In hopes of gaining market share away from the likes of Verizon and AT&T, Sprint and T-Mobile continue to offer “unlimited” data plans – often throttling speeds after a certain usage limit.   Bottom line, mobile data usage continues to grow.

How This Can Affect Security?

While this trend comes as no surprise, what is sneaking up on everyone is the rapid increase in use of apps and social media sites for communication in lieu of voice and carrier-controlled SMS.  Hacking and phishing website passwords have been an issue with social media for several years.  This video from Defcon 17 shows how easy it can be to steal passwords from sites using mixed-SSL login screens. http://facebook.com (http) still has a login screen even though it’s not fully protected by SSL.  For mobile devices, you can help mitigate this type of risk by using PowerBroker Mobile to enforce always-on VPN.

How Secure is That App You Are Using?

Apps are posing significant risks. The wild success of Android and iOS means that developers can rapidly distribute software to a wide audience like never before.  Often these developers do not have security in mind when designing their apps.  For example, one of the top paid iPhone apps is a messaging program called WhatsApp.  They boasted in late 2011 about sending over a billion messages per day. In September 2012, the blog fileperms detailed the security vulnerabilities in a blog entitled “WhatsApp is broken, really broken.”  They show a history of encryption-less communication and use of weak passwords based on such things as network MAC addresses.  It doesn’t take much for someone “listening on the network” to figure out a MAC address for a device.  So how secure has your information been?

I fear that this example is actually quite common.  Does the average customer realize how these apps are playing with their data?   Do they know how this data is transmitted?   Do they know where and how this data is being stored?  Archived?  Shared?

As employees take to the streets with your company data and often use their app of choice, you’ll need to have a better way to assess what apps may be touching your data.  PowerBroker Mobile’s in-depth assessment can help you better understand what apps are in your corporate network.