Does Anyone Really Care About Mobile Security?

By on Feb 17, 2016

I’ve attended Mobile World Congress a number of times and it is fair to say the concept of the show has evolved over the years. Previously, when someone said “mobile” we thought of physical handsets; whereas the term today has a much more complex definition. “Mobile” now is a reflection of the Internet of Things (IoT) and the hyperconnected world we live in.

You only have to look at the thousands of connected devices presented at CES—from wearables to smart refrigerators—to see the extent to which IoT will soon be ingrained in our everyday lives. But with more devices come more threats. And security needs to take center stage if users are going to trust their devices, especially as that trust has been tainted in light of the numerous breaches last year of high-profile companies such as TalkTalk and Ashley Madison. More users now demand to know their personal information cannot be compromised; we saw this shift when thousands of TalkTalk’s customers went elsewhere after the breach.

It’s worrying that some companies have not gotten the memo. Just last week we learned that VTech had updated its terms and conditions, and what I read filled me with despair. Under the new terms, VTech says families using its software do so at their “own risk.” The company places the entire security burden on its customers, claiming it is not liable in the case of future attacks by asking its customers to accept that “any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorized parties.”

When the company was hacked last year, more than 6.3 million children’s accounts were compromised, with conversations, photos, and video messages between families exposed. Do you want to live in a world in which companies can get away with this responsibility shift while selling us connected devices for our homes and for our children? I know I don’t. The implications of such a stance becoming the norm are worrying. Although the Information Commissioner’s Office has stated that the responsibility of protecting data does lie with the manufacturer, I question whether market pressure (customers) will demand better security.

Organizations have a duty to care for their customers. If the consumers companies want to reach are ever going to fully adopt these technologies, trust between the two parties will have to evolve.

This Mobile World Congress, we will be exposed to a world of exciting new technologies and opportunities as we move into an even more connected future. But as we acknowledge the move beyond the traditional handset to the new generation of digital devices, we need to address the issues around privacy, security, and control that come with them. As connected devices become more common and essential to our lives, security basics need to be the priority, right from the start. Without first establishing a foundation of trust, the exciting prospect of 5G and the wider future of IoT will fundamentally fail.

About the Author

Raj Samani

Raj Samani is Chief Scientist and McAfee Fellow for cybersecurity firm McAfee. He has assisted multiple law enforcement agencies in cybercrime cases, and is a special advisor to the European Cybercrime Centre in The Hague. Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall ...

Read more posts from Raj Samani

Subscribe to McAfee Securing Tomorrow Blogs