- Published: 24 November 2010
- Written by NStinchcombe
A report just published - which identifies mobile networks as having a number of key security vulnerabilities that must be addressed - has been welcomed by Secure Browsing Service specialist Trusteer.
Trusteer, whose secure browsing service is offered by a number of banks, says that the Heavy Reading report is quite correct in identifying a potential problem with the security of mobile networks, for the simple reason that the wireless nature of the cellular networks makes them more susceptible to criminal attack.
“If anything, our research suggests that the report understates the security risk that the last mile of the cellular-delivered mobile Internet now represents, as A5/1 – the main GSM encryption algorithm – was cracked in a practical attack late last year by Karsten Nohl (http://bbc.in/f8n4rP),” said Amit Klein, Trusteer’s chief technology officer.
“Put simply, this means that, with sufficient equipment and CPU power, we believe that a cybercriminal can now mount a practical eavesdropping or Web browser injection attack on a cellular delivered Internet connection,” he added.
According to Klein, whilst a WiFi-based Internet connection can be said to be less secure than a desktop link, on the basis that the wireless signal can be intercepted and/or eavesdropped in some way, its range is relatively short before it hits the landline networks.
With the cellular mobile Internet, however, the signal can reach for several miles, and is therefore a lot more vulnerable to electronic trickery, he explained.
The Trusteer CTO went on to say that Heavy Reading's report reinforces his research team’s observations, since it adds the very real prospect of criminal tampering with the network infrastructure to the mix.
So far, he says, the industry has not seen any proven cases of network infrastructure tampering or Web browser injections, but the possibility grows stronger by the day, especially given the steady march of the mobile Internet.
With mobile dongles and MiFi units now becoming more and more popular - largely owing to their considerable flexibility and the fact that the technology also frees users from the `line rental tax' that almost also telcos impose on their broadband users – Klein says that more and more Web traffic is being carried the last mile by cellular means.
With the GSM Association having reported the number of high-speed mobile broadband connections have topped the 150 million mark around the world in the summer of last year (http://bit.ly/oaKPx), it can be seen that cellular infrastructure - because of its wireless nature - now poses an IT security risk that many users overlook.
This, says Klein, is what makes this report so timely, and reinforces previous warnings about the mobile Internet security threat that few experts have even considered as a possibility.
Add in the fact that mobile Internet connections are highly transient, with dynamic IP addresses that are used and re-used on a cyclic basis, and you begin to see the nature of the problem, he noted.
"Until the hardware vendors and networks address the issue, perhaps with the assistance of IT security software vendors as well, it's clear that mobile Internet connections need to be considered less safe than their landline equivalents," he said.
That isn't to say the problem isn't surmountable, as users of online financial services should employ any and all security measures available to them - such as installing in-browser security such as Trusteer Rapport - in addition to their existing IT security measures,” he added.
“Add in some serious commonsense when using mobile Internet connections, and your online session should be safe, despite the underlying insecurities in cellular encryption and the network infrastructures."
For more on the Heavy Reading report: http://bit.ly/cLudFi
For more on Trusteer: www.trusteer.com
ENDS
About Trusteer
Trusteer, the world’s leading provider of secure browsing services, helps secure computers against Man in the Middle, Man in the Browser, and Phishing attacks. Trusteer is currently used by more than 70 leading financial organizations and enterprises in North America and Europe, and by more than 15 million end users to protect their online banking, shopping and other communication against sophisticated malware attacks and fraud. HSBC, Santander, The Royal Bank of Scotland, SunTrust, Fifth Third, ING DIRECT, and Bank of Montreal are just a few of the banks using Trusteer’s technology. Trusteer's service for enterprises prevents malware from accessing enterprise network resources and sensitive information through SSL - VPN connections and unmanaged devices. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com.