Most of the devices are using open platforms like Symbian, Palm OS, Microsoft Smartphone OS and Linux which is good because it provides huge functionality for the new mobile phone generation.  But the same time, it's the same reason why it is an ideal target for viruses, malwares, worms and hacking attacks.

With the advent of 3G, I like to see that only the advantages of the 3G technology should get to the user, not the downsides, like the threats I just mentioned.  The ideal situation is to achieve balance between flexibility and security in order to best serve the customers and protect valuable data.  Of course, if the mobile device is already compromised, treatment will come next.  But even before that happens, I would like protection to come first.

Protecting 3G infrastructure is no different in protecting other technology.  3G providers need to protect their servers and database application servers, protect them to the extent that the threat will not reach the user's device.  And since we are talking about Wireless connectivity, it's the responsibility of 3G providers to address two security issues - privacy and access, and should provide security measures called "Wireless Internet Security".

In the 3G world, Four (4) areas need protection: the network, handsets, partners and the content.

- 3G networks is partially based on IP and has multiple entry, exit points and on line connection which exposes the network to all the known security and fraud risks of the Internet like viruses, intrusion attempts and Denial of Service attacks.

- Since 3G is packet-switch based, 3G handsets are constantly connected to the Internet thus making it more vulnerable and dangerous to various threats.   The new technology increases the expose of the handsets to hackers' attacks, downloads of malicious applications and spamming which can cause the handset to completely shutdown.

- 3G providers should properly check its content, application and service partners.  Emails, audio and video files can be used to transmit malicious content which can damage the handset and the network.  Broadcasting of improper or illegal products and services should also be prevented.

Example of threats are: Jamming (Denial of Service), Cracking (Deciphering and Cryptoanalysis), Sniffing (Breach of confidentiality through interception), Injecting (Insertion of false data), Masquerading (Impersonation), Rogue point or AP (Unauthorized access point insertion) and others.

Current identified Malware specific to mobile devices are: Skull Trojan, Cabir Worm, CommWarrior, Mosquito Trojan, Brador Trojan, Lasco Worm, Duts virus, Pseudo-virus and Delf-HA Trojan.

The new technology brings a lot of new opportunities. At the same time, it also brings new risks. Government and operators should pay attention and not ignore those risks.  They should do everything and take the responsibility of protecting their network and partners.  Handset manufacturers should also provide intrusion applications as part of its devices.  And lastly, content providers should exercise extreme caution in creating and broadcasting their content.

Strong security will have very strong implications when it comes to customers' acceptance and adoption of the new services and applications.  Industry and Governments together need to educate people and provide greater awareness of the dangers that exists when using mobile devices.

*****

Announcement: Attend the Powertips 2006 "Security Secrets and Strategies" conference on March 16, 2006 at the Grand Ballroom of Dusit Hotel Nikko. Tickets are available at all SM TicketNet outlets or call 911-5555. You can also register online at www.infochat.com.ph