RSA 2015: Convenience said to be the weakest link in mobile phone security

Charles McColgan, chief technology officer at TeleSign and Mark Crichton, tech director for fraud and risk solutions at RSA
Charles McColgan, chief technology officer at TeleSign and Mark Crichton, tech director for fraud and risk solutions at RSA

The biggest risk to security in the mobile channel is the convenience with which users can engage in risky activities such as downloading malicious software and divulging personal details.

Mark Crichton, tech director for fraud and risk solutions at RSA, and Charles McColgan, chief technology officer at TeleSign delivered that message at the RSA conference during their presentation on the True cost of fraud and cyber-crime against your mobile channel.

“The more you can do on them and the more convenient you can make it, I will do it,” Crichton told SCMagazineUK.com. “I think that opens us up to all the data, systems, whatever it might be – and that's the biggest risk to security.”

When all a mobile phone could do was send text messages, it wasn't much of a security threat, he added.

Consumers may download a seemingly innocuous app and unknowingly grant that app permissions and access to other features on the phone at the same time, effectively turning the phone against its owner.

“You might download a torch app for your phone but what it's actually doing is every couple of minutes sending a text to a premium rate number or making a call,” Crichton said.

Another phone exploit is to put malware on someone's phone and then wait for a text message from their bank which contains a one-time authentication, a problem that is more prevalent in Europe and Latin America than it is in North America, he said. “The malicious apps are forwarding those messages to fraudsters in real time, never displaying them on the device.”

Page 1 of 2