posts tagged ‘mobile security’

Cloud computing and security

21 December 2009 | Richard Chow

You can’t avoid the cloud computing topic these days. As usual, the extreme viewpoints are the most visible -- cloud computing is either marketing hype, or game-changing. If you turn to security experts, it’s either “nothing new” or a “focal point". While there’s some truth in each viewpoint, it’s a little hard to untangle what’s really going on. An oft-quoted survey from IDC reports security is the biggest concern with cloud computing. We did our own series of interviews with different members of the cloud ecosystem, and asked them to identify the security/privacy issues and the concerns of their customers.

Tempted by location apps?

5 November 2009 | Richard Chow

Privacy should be the biggest concern for users of location-based social networking apps like Foursquare, Google Latitude, Loopt, and others. Will these companies store and analyze your location traces to figure out what ads to show you as part of their business model? You can deduce a lot about people from their locational traces: where they sleep and work and play, what stores and restaurants they like, who they spend time with, more.

Will mobile payments usher in a new era of crime?

13 October 2009 | Markus Jakobsson

With the recent news that Amazon launched a mobile payments service, I have to wonder if fraud will go through the roof. But Amazon wisely invented 1-Click payments to reduce user burden, and soon this feature will apply to mobile users. All of this is very nice and convenient for the user. Except if you're among the 8+ million users a year who lose their mobile phones. Then it becomes very nice and convenient for whoever finds your phone.

A central nervous system for automatically detecting malware

9 September 2009 | Markus Jakobsson

It’s nearly impossible for anti-virus protectors to keep up with the pace of malware – producing descriptions of what that malware looks or acts like – around the clock, especially with close to a million new and unique malware instances every day. But what if you can use the circumstances of software installations and executions to tell what kind of software it is without even looking at the code? This information can auto-inform anti-virus protectors, and can be used to provide immediate advice to a client machine, which turns to the “centralized [malware] nervous system” to ask whether a particular piece of code is safe to install or not.

Fear mobile malware

1 September 2009 | Markus Jakobsson

Online criminals have many tools for committing fraud and theft, including phishing and, increasingly, malware. A more acute problem is mobile malware, which will pose a serious threat to mobile communications as smartphone use explodes. The inherent limitations of smartphones – power, memory, bandwidth – make most anti-virus tools unsuitable once the rate of malware instances reaches a certain threshold, because smartphones can't handle the updates that PCs currently have to. So what happens when malware authors start developing viruses for smartphones at the rate they currently do for personal computers? We may not have to wait long to find out, because mobile platforms are rich with data and are convenient payment platforms ripe for defrauding. We must find better solutions before it's too late. And we can't use current strategies to combat the problem, because the mobile context is so much more vulnerable and resource-constrained.

Reducing the password burden: Implicit Authentication

17 August 2009 | Elaine Shi

How many times a day do you enter passwords in different places AND multiple times in the same place? While passwords are the most widely used method for authenticating users to computer systems and protecting our information, they're also difficult to remember, inconvenient, poorly used, and not always secure. There are multiple ways to authenticate us (something we know, have, are) -- but why not use our habits or routines to implicitly authenticate us?