Smartphone Battle Will Be All About Mobile Security

Sep. 14, 2016 2:12 PM ETHPQ, GOOG, BB, NOK, AAPL, GOOGL, BB:CA40 Comments

Summary

  • iPhone security has received international attention in the past few months because of cyber leaks and operating system upgrades by Google and Apple.
  • The enterprise is becoming increasingly more vulnerable as more employees use their own devices to attach to their corporate networks.
  • As IoT becomes prevalent and a smartphone is used to control smart devices malware threats garner heightened importance.
  • Smartphone suppliers Samsung and Apple have their own security products and future purchasing decisions will be based on enterprise and IoT concerns as well as smartphone features.

Internet security via hacking is all over the press with issues such as DNCLeaks, WikiLeaks, the DNC hack, and the release of iOS 9.3.5 to fix three security vulnerabilities only few weeks after posting iOS 9.3.4 to fix a jailbreaking-related bug. Now we learn that iOS 10 is causing headaches for some as they try to download the new operating system.

A little knowledge is a dangerous thing, and because my mobile umbilical cord to my office is my iPhone 4S, I've been scared to death to upgrade in the past and still run iOS 7.1.2, fearing it would turn into a brick. Fortunately I don't work for a company with a corporate network. And that's the rub. Smartphones are replacing company-issued computers as a user interface to the enterprise network in business. This is creating problems for IT professionals at enterprises as Bring-Your-Own-Device (BYOD) and Corporate-Owned-Personally-Enabled (COPE) has accelerated with the proliferation of apps for business needs.

At Hewlett-Packard (HPQ) 62% of people work from home or at offsite locations. And HP is not unique. Unfortunately while 79% of employees in high-growth markets believe the constant BYOD connectivity them to do their jobs better according to a study by Ovum, only 20.1% of companies surveyed had signed a policy governing BYOD behavior.

Usually malware is downloaded into a phone when the owner downloads an app from a site other than the official Google (GOOG) (GOOGL) Play or Apple's (AAPL) App Store. Since there are more Android smartphones sold, Android phones have had a history of more threats and malware attacks, but only because there are more in use.

The latest cybersecurity threat on Apple's iOS 9.3.4 serves as a warning that hackers are so sophisticated it contained three previously unknown vulnerabilities and took 10 days from the time it was discovered until Apple fixed it with iOS 9.3.5.

Problems Surface on the Enterprise

Cybercrime costs companies an estimated annual cost that totals up to 100 billion dollars, according to a report from Heimdal Securities. As shown in the chart below, there is significant variation in total cyber-crime costs among surveyed companies around the world, which totaled $15.42 billion in the U.S. in 2015.

A Nokia (NOK) malware report of March 1, 2016 shows smartphones now account for 60% of infections in the mobile network. The report noted that:

"The modern smartphone presents the perfect platform for corporate and personal espionage, information theft, denial of service attacks on businesses and governments, and banking and advertising scams. It can be used simply as a tool to photograph, film, record audio, scan networks and immediately transmit results to a safe site for analysis."

IoT

In the next several years as both companies become entrenched in the IoT, the smartphone will undergo a paradigm shift and will become, in addition to its current functionality, a crucial device for connecting to Smart Homes, Smart Cities, and Smart Technology.

For the Smart Home, for example, LG divides its SmartThinQ line of connected appliances into categories for the kitchen (ranges and refrigerators), living (washers, dryers, robotic vacuums and air conditioners) and safety (robot vacuum doubles as a safety monitor with a video feed). They all integrate with the company's smartphone app.

Samsung's (OTCPK:SSNLF) SmartThings Line includes smart outlets, hubs, motion sensors, multipurpose sensors, arrival sensors, water leak sensors and more. The company also sells a complete home monitoring kit that makes it easy to get started with home automation. The free app runs the home from a smartphone.

HP in July 2014 released results of a study revealing 70 percent of the most commonly used Internet of Things (IOT) devices contain vulnerabilities, including password security, encryption and general lack of granular user access permissions.

"As the number of connected IoT devices constantly increase, security concerns are also exponentially multiplied. A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business. In light of the importance of what IoT devices have access to, it's important to understand their security risk."

The Smartphone Battleground Will Move To Security Platforms

Today's smartphones are used primarily for communicating, entertaining, or acquiring information. Samsung, Apple, and a host of Chinese manufacturers compete head-to-head in smartphone technology features and sales. Both companies battle to introduce newer and better features than their previous model and those of their competitor.

With the growth of BYOD in corporate networking and the billions of connected IoT devices, the rash of reported security breaches, and the lax posture of corporate IT professionals, smartphone security at the device level has become a focal point for operating system developers. Each operating system offers its own security, but which is best?

In a report published in April 2016, Gartner compared 12 mobile device platforms -- Android 4, 5, and 6; BlackBerry 10; BlackBerry Android; iOS 8 and 9; Samsung Knox; Windows Phone 8.1 and 10 (Lumia); and Windows 8.1 and 10 (Surface). The company awarded Knox more "strong" ratings than any other system.

Gartner's report examined a variety of core OS functions - biometrics, kernel security, and OS updates in addition to functions relevant to IT administration - encryption management, workspace isolation, and jailbreak/root protection.

Of all the platforms evaluated, Knox was the only one with "strong" ratings for every control in the corporate managed security section. The runner-up in terms of corporate managed security was BlackBerry 10, which received ratings of "strong" in every category except Device Firewall Management, where it was rated "average."

Knox 2.6 is the latest version of Samsung's security platform, available on the Galaxy S7 and S7 edge devices, it can coexist with Google's managed container technology, Android for Work. Samsung Knox is a defense-grade mobile security platform built into Samsung devices. It extends the software level protections of Android adding hardware level security mechanisms to ensure the integrity of the device.

Android for Work provides modern and effective safeguards to protect both the individual and the enterprise. The app is free, but organizations are required to run enterprise mobility management (EMM) software from a vendor such as AirWatch by VMware, Citrix, IBM Fiberlink, MobileIron, BlackBerry or SAP to use it. EMM is an all-encompassing approach to securing and enabling employee use of smartphones and tablets.

As I said earlier, 97% of mobile malware threats are aimed at Android phones. Besides the issue of individuals downloading apps from other than the Google Play store, there is another obvious reason - there are more Android phones in operation.

Shown below is a study from Gartner that shows that more than 80% of smartphones are sold each year. With that in mind, anything that can decrease the cybersecurity threat in a smartphone is critical, and it appears to me that Samsung's Knox is the answer.

As for iOS for the iPhone, the common belief is that it is more secure than Android, particularly in light of the difficulty of the FBI cracking the encrypted iPhone left behind by a terrorist involved in the San Bernardino shootings.

But that's not exactly the case. iPhone users around the world were forced to download iOS 9.3.5 on August 25, which was an update by Apple from iOS 9.3.4 that was issued just three weeks earlier (an update of iOS 9.3.3 introduced earlier than that).

Apple fixed the holes 10 days after a tip from two researchers. The hack is the first known case of software that can remotely take over a fully up-to-date iPhone.

Investor Takeaway

Security has not been a selling point for new mobile phones. That will change as more personal smartphones are utilized on the enterprise and IoT reaches the masses. We're starting to see snippets of changes as Blackberry (BBRY) introduced DTEK50, touted as the "world's most secure Android smartphone" in July. Blackberry has a long history of focusing on security, and the BlackBerry 7 was rated as the most secure enterprise-ready OS by Trend Micro back in April 2012.

It is not my intention to make a recommendation as to what is the better security system. What I'm trying to do is connect the dots to show that, while smartphone security has long been an important issue, it is reaching heightened attention with recent press regarding Apple's standoff with the FBI, and just last week the emergency need for iPhone users to upgrade to iOS 9.3.5.

The increased use of personal smartphones on the enterprise (BYOD) and the near exponential growth of devices connected to IoT and smart technology will force the issue of security and put the onus of providing that security transparently and seamlessly in operating systems.

So far, only Blackberry is promoting security in its advertisements. For example, on the Samsung Galaxy 7 landing page on the company's website, there is no mention of Knox.

Apple too doesn't mention security or encryption in its landing page.

That will change, and security will be one of the issues in the purchasing decision of a smartphone, along with screen size, camera, etc. This is particularly true for individuals who intend to use their smartphone for work on the enterprise, as IT management will enforce a more strict posture on cybersecurity.

This article was written by

Robert Castellano profile picture
14.37K Followers
Providing a deep knowledgebase for better semiconductor stock investments

Dr. Robert N. Castellano, is president of The Information Network www.theinformationnet.com. Most of the data, as well as tables and charts I use in my articles, come from my market research reports. If you need additional information about any article, please go to my website.

I will soon be initiating an investor newsletter. Information to register will be online on my website.

I received a Ph.D. degree in chemistry from Oxford University (England) under Dr. John Goodenough, inventor of the lithium ion battery and 2019 Nobel Prize winner in Chemistry. I've had ten years experience in the field of wafer fabrication at AT&T Bell Laboratories and Stanford University.

I have been Editor-in-Chief of the peer-reviewed Journal of Active and Passive Electronic Devices since 2000. I authored the book "Technology Trends in VLSI Manufacturing" (Gordon and Breach), "Solar Panel Processing" (Old City Publishing), "Alternative Energy Technology" (Old City Publishing). Also in the solar area, I am CEO of SolarPA, which uses a proprietary nanomaterial to coat solar cells, increasing the efficiency by up to 10%. I recently published a fictional novel Blessed, available on Amazon and other sites.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.

Recommended For You

Comments (40)

To ensure this doesn’t happen in the future, please enable Javascript and cookies in your browser.
Is this happening to you frequently? Please report it on our feedback forum.
If you have an ad-blocker enabled you may be blocked from proceeding. Please disable your ad-blocker and refresh.