The “childhood years” of mobile technology are already in the past. Over the past three to four years, market participants have gone from simple (by today’s standards) devices and applications to full-featured components of corporate systems. Moreover, the bulk of this number indicates the growth of interaction between individual private clients, partners and employees, on the one hand, organizations and their business processes[1] – on the other. Organizations, in turn, must adapt their strategies, business processes and technologies to the new, mobile environment.
Large companies entered the mobile technology market that had not previously dealt with them: IBM, Oracle, Dell, SAP, Hewlett-Packard, CheckPoint, Symantec, Citrix, VMware, etc. There were many mergers and acquisitions.
Figure 1 shows the statistics of the growth in the number of mobile devices and Internet users (million) from 2005 to 2017[2].
“Mobile technologies have evolved from enabling and innovative business solutions to key user computing technologies for the corporate environment,” said Phil Khochmah, program director at IDC. “As devices and applications have changed the way jobs are performed, mobile application platforms and services have created a whole new business model and interaction between participants. To reap the benefits, organizations need to understand the relationships, dependencies, and requirements across all aspects of mobility, from hardware and devices to platform management and development, security, and services.”
The development of means and methods for ensuring security in the field of information technology (IT) always lags behind the development of IT itself. However, for mobile technologies, this gap is much wider than for standard IT: new models of mobile platforms and operating systems (OS) with new features are constantly being released, the number of mobile applications, including corporate ones, is in the hundreds of thousands, and new management tools are being developed.
However, mobile technologies, like any other innovative solutions, have a downside. And the point of this downside is that mobile technology, like the Internet (and even the ax as an innovative technology of the Stone Age), can be used as a tool for committing illegal acts. In particular, terrorist activities, activities of various special services, unauthorized access to personal or critical corporate data (data constituting a commercial secret), substitution / blocking of data of critical information infrastructure, etc.
Below are some of the facts that collectively can be described as “cyber warfare is galloping”, i.e. flares up at a furious pace.
The Center for Public Relations of the Federal Security Service of Russia reported: “… the facts of the introduction of malicious software designed for cyber espionage into the computer networks of about 20 organizations located on the territory of Russia were revealed …”.
CIA CTO Ira “Goose” Hunt: “The Arab Spring would not have been possible without social media, mobile and cloud applications. In order to effectively control these processes, it is necessary to qualitatively increase the speed of data processing from the global network of sensors.”
According to some reports, within the framework of the PRISM program, Google, Apple, Microsoft, Facebook, and others are cooperating with the US NSA. There is also the CO-TRAVELER program, a tool for tracking the movement of cell phone owners and identifying their hidden contacts.
The Center for Public Relations of the FSB of Russia in December 2016 reported that “the FSB of Russia received information about the preparation by foreign intelligence services since December 5, 2016 of large-scale cyber attacks in order to destabilize the financial system of the Russian Federation, including the activities of a number of the largest Russian banks.”
Credit Bureau Equifax completed an assessment of the volume and composition of data stolen by hackers in the summer of 2017. The attackers got at their disposal 145.5 million social security numbers, which in the United States allow you to take out a loan or get a bank card.
The WikiLeaks website has published the following data: the tools available to the CIA allow “hacking” mobile iOS and Android operating systems. Infected smartphones can send location data, voice and text messages without authorization, as well as enable/disable the camera and microphone on command from outside. These and other facts are reported by The Independent and a number of Russian publications.
In addition, 145.5 million Social Security Numbers (SSNs), 99 million addresses, 20.3 million phone numbers, 17.6 million driver’s license numbers and 1.8 million email addresses were stolen. In addition, data on 209 thousand payment cards were stolen, including the number and expiration date, as well as 97.5 thousand TaxID numbers. These images have been uploaded by users to the Equifax portal.
For two years, the Russian financial system has lost about 6.9 billion rubles from cyber attacks, calculated in the Russian company Group-IB. In 2017, a new trend was revealed – the theft of information through instant messengers. Mobile threats are aimed primarily at users of the Android OS due to its prevalence, Dr. Web and Eset Russia. The Android OS is more popular with cybercriminals as it occupies about 80% of the mobile device market. In 2017, up to 400 new threats to the Android OS appeared monthly, while in 2016 there were about 300, and in 2015 – 200.
In September 2017, Google’s Play Protect team identified spyware for the Android OS app, but it has been spreading since October 2015. However, new versions of this software may be rooted on devices running affected versions of the Android OS, allowing them to perform a wide range of operations. With privileged rights.
Tizi-infected applications can receive data from social networks such as Facebook, Twitter, LinkedIn, record WhatsApp, Viber and Skype calls, send and intercept text messages, access calendar entries, contacts, photos/videos data, as well as Wi-Fi encryption keys. In addition, Tizi-infected applications can record audio data when the user is not using the device and take photos without notifying the user.
Since December 2016, the topic of information technology and ensuring their security has been constantly in the focus of attention of the Russian authorities. A number of regulatory documents aimed at increasing the level of information security were adopted: