Doing Business in the Middle East:
Mobile Security
Security concerns affecting everyone from global banks to regular users
Are all apps “free of charge” or will there be a future cost in security breaches?
With the dizzying pace of advancing technology, we find ourselves glued to our electronic devices, be they mobile ‘phones, watches synchronised to mobiles, or tablets – you name it, we’ll be using it!
With the availability of ubiquitous wi-fi and strong, stable internet networks and the growing availability of 3G and 4G networks in many countries, this only bodes ill for any remaining technophobes but is great news for hackers and scammers.
This easy access to the web has only whetted the appetite for access to data on the move, whenever and wherever we are.
And now even more banks, traders and businesses depend on their mobile devices for all possible business interactions, including access to their own confidential databases.
Big Brother may be watching and listening!
In today’s mobile world, myriad mobile applications and services are available for “free” to users depending upon their requirements, all usually installed with a simple click … install … and accept… But accept what? What’s really behind the application you’ve just added – did you read the small print? Is it really ‘free of charge’ and do you know who is running it and what sort of application this is placing on your system? With recent news concerning illegal ‘phone tapping through IOS mobile ‘phones in Germany and other European countries, this should start the warning bells ringing for all large organisations, who should instigate an immediate review of their mobile security as a top priority.
Mobile security in the Middle East
Security companies in the Middle East and the Arab Countries have been noticing the increasing number of attacks on mobile devices, especially Android OS which has 80% market share of the OS market.
IOS attacks are rarer when compared to Android, due to the modality of their structure. As featured in CommsMea magazine, attacks have been predominantly in the consumer environment, but they are moving into enterprise because of the growing BYOD (bring your own device) that is growing worldwide. Florian Maleeki Said, the Solution Director at Dell SonicWall, a security firm comments, ‘Attackers will begin to use Android applications as a way to try to penetrate corporate networks because more and more users are using their personal devices to access sensitive corporate resources’. He explained that the targets that the bad guys are considering are personal mobile ‘phones that the user takes into the corporate environment and connect to the corporate Wi-Fi network.
Security threats escalating in UAE
Financial institutions and online banking have seen an escalating number of security threats over time, according to experts at SafeNet (one of the world’s leading providers of Data Protection and Software Monetisation solutions). “We have also witnessed hacktivist-sponsored DDoS attacks aimed specifically at bank websites. Social media hacktivism is a new trend that has emerged this year, as public profiles of governments and well-known publications have been hacked”, said Miguel Braojos, Vice President of Sales (Southern Europe, Middle East and Africa) at SafeNet. “Another trending threat is the blended cyber-attacks, where hackers use an array of different malware and techniques to gain access to multiple areas of a network. In recent attacks, groups of hackers gained access to multiple levels of the supply chain to find the entry point,” he added.
The continuous concerns and fear for the data of companies in Qatar pushed Vodafone of Qatar to launch a secure device management service to help businesses to protect their company data. This device management solution enables IT managers to remotely manage all of their organisation’s smartphones and tablets which can be remotely locked and wiped if stolen, and be tracked via their GPS locator if they are lost. It manages mobile apps to help company’s staff have the necessary tools needed while out of the office. This includes email encryption for emails sent between the device and the corporate network for added protection of confidential company information.
“Traditional” security threats
For many businesses, a lack of proper security protection on desktops or laptops is rather usual – with the solution being simple for many; they purchase an anti-virus protection to prevent data being spied upon, stolen or hacked.
Visa and Mastercard use was so under threat at one point that many customers lost money; not because they lost their access information, but simply because they used this information while purchasing online on using non-secure websites. Since then, secondary security levels have been implemented by many banking institutions to make it harder for hackers to steal the information quite so easily as before.
Remember – nothing is ever “for free”!
Now that 40% of hand sets in the Middle East and North Africa are smartphones with hundreds of thousands of mobile applications on all sorts of mobile ‘phones, nothing is out of the ordinary these days. iPhone’s ‘Facetime’ and Skype have made face-to-face conversations on the move a reality.
Whenever users come across a new exciting app that allows them to communicate faster, easier or for free, millions will rush to push on INSTALL without reading what they have just downloaded.
As an example, Viber is a leader in free’phone calls and texts.
It was recently acquired by one of Japan’s largest Internet service companies, Rakuten, for $900 million. So how is it that Viber can offer this service for free, when there is no clear advertisement, or any clear source of income? How does Viber make its cash?
Let’s take alook at how it describes what it is (see below image).
Their “Consent to use of data” information – the small print – states:
By using the Licensed Application, you understand and agree that we may collect and use technical data and related information, including but not limited to technical information about your mobile device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to the Licensed Application. We may use this information to improve our Service.
Their Privacy Policy now states:
If you are a user accessing the site or service from the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the site and service, which are governed by United States law, this privacy policy, and our end user license agreement, you may be transmitting your personal information to countries (including the united states) where laws regarding processing personal information may be less stringent than the processing of personal information in your country and you hereby consent to such transmission of personal information
http://www.viber.com/terms
In a statement by the developers about the ‘incredible’ sale price to The Guardian, a British newspaper, in August 2013, they confirmed that, “The app (Viber) and all its current services, including calls between Viber users, will remain free. But in order to transform itself into a real business, Viber must search for revenues”.
The reader may wish to make its own conclusions about how revenues are made.
Despite the fact that Viber founders and investors are Israeli, the company has been loathe to admit this. Some commentators believe this reticence is due to the high uptake of the app in the Arab world – any overt connection to Israel might damage its popularity in one fell swoop.
