Hi everyone. Ed Amoroso here. And in this video, I want to introduce the basics of mobility security or mobile security. Now, the way to think about mobility or mobile devices, mobile infrastructure is in sort of the context of the architecture that we have with respect to mobility. You have mobile devices that are sort of controlled by something local. It may be your ISP but say in business, we'd have a mobile device management component would kind of keep track of and find and manage and provision and push software to and from your devices. Then obviously, you have the mobile device ecosystem itself, the operating system and the operating environment on the mobile device. This whole architecture in many cases, it comes down to a Google or an Apple for most of the devices that we use but certainly for IoT and other things, it might be other operating systems. There's certainly the mobility infrastructure as well. So you connect that over 4G, 5G to the local cell tower which then connects to some big blob of telecommunications. There's all sorts of considerations there. And then finally, your mobile apps store. So let's go through them in turn, and let's talk about some of the considerations, the security considerations, for each of those components. Let's start with number one, which we're going to call enterprise mobile device management. Our mobile device management or MDM. This is an absolutely essential component in a typical business because where previously, you kept track of everyone's PCs using PC management tools and IT tools that would keep inventory and manage and scan and update PCs and provision them. Now, we have a situation where most business people would actually prefer their mobile to their PC. Maybe you like that as well. You might be more linked to the your iPhone than you are to your Mac. I don't know. For me, I love them both. But at any rate, I like PCs as well. Mobility, the MDM component drives some basic security functions. Certainly, the idea that you would be provisioning things in a proper manner. Provisioning meaning, issuing, assigning names to who has who and who has an account for what and where these things are and what's running on them, how am I making sure they are properly protected. You can think of it as kind of a mini security system for the mobile devices in a business. If you're a student, if you just have your mobile device and you're connected to your local carrier, then you may not be as familiar with mobile device management. It tends to be more an enterprise component, but it's essential. So where PC security systems are to PCs, mobile device management or MDM is to mobiles and a business. That's the same kinds of functions to make sure that they're secure. Now, the second component certainly, your mobile devices. There are so many different security considerations in the context of your mobile device. There's a whole group of people that say, oh my gosh, Android is the best. And there's a whole group of people who say, iOS is the best, and you can argue back and forth and I don't think anyone will ever win. You could argue that iOS because its proprietary is not exposed to the same level of scrutiny as Android. You could say that the iOS security model, that the operating system level is less understood than all the time and effort that went into producing these Android security architecture with its attendant features that a lot of you can go off and dig into if you find that interesting. But I don't think you're ever going to win the argument of which is better but certainly, a lot of time and effort has gone into making mobile operating systems better than PC operating systems were a generation ago. I think its just nobody would disagree with that fact that the mobile operating systems have been less vulnerable. Does that mean they are not vulnerable? Absolutely not. We still have this problem of breaking into the kernel, we call that rooting. And sometimes, that technique is used in the context of something we refer to as a jailbreak, which is where a carrier or an ISP might put some software on to a device that in some sense ties it to their network. And if you can get into the system and break that tie here and tethering it to your carrier, then in some sense that's called the jailbreak. And depending on where you live, there may be degrees of appropriateness or legality to that sort of thing. I know that's still considered in some sense a hack to some degree. For many of you watching, you would say, no that's not a hack, it's perfectly fine. But that kind of thing since getting in at the operating system level and manipulating system or kernel functions to achieve some goal that sort of hack is a very common component in any mobility security ecosystem. So the idea that you either have controls in place to stop that or you would think it would be perfectly fine would be a local decision. Mobile ISP from a security perspective is not that different from normal internet security kind of considerations for a carrier, whether Tier 1, Tier 2, or a local provider. But what's different in mobility are bunch of towers. And you have devices that are connecting up to towers that have a finite level of capacity. And depending on the physics of how, whatever technology you're using to connect up to a tower or how those physics work, it may be easy or hard. For example, to jam a tower, meaning to just provide so much capacity, so much traffic into or out of a tower just to make it unavailable. If you're kind of interested in the physics of that or the electrical engineering of that, you may go off and study different types of spectrum characteristics in mobility. This concept called spread spectrum that makes a little bit more difficult for someone to jam. You may be interested in that sort of ancillary to cybersecurity but it's certainly an area in which you can go off and dig if that's something you're interested in. And by the way, jamming is not the only issue from a mobile ISP perspective. Like I said, all of the risks, all the attendant risks, that come with being a carrier are applicable in the context of mobility. If only the fact that we're also completely dependent on mobility for the app that there's almost zero willingness amongst any group or society or country to tolerate mobility outages of any type, and this goes for both 4G, 5G and also Wi-Fi. Very similar. We're so dependent on these protocols and the attendant support for these protocols to be in place that availability attacks are just not to be tolerated. And it finally brings us to our the ubiquitous mobile app store where we're downloading software to our mobile devices. The old days when I was young, the one thing you knew in cybersecurity is you didn't take a floppy disk, if you share a generation with me you know what that is. You didn't take a floppy disk and put it in your computer, if you didn't know where that disk came from. Well now, we think nothing of going on an app store and downloading things. Now granted, Google and Apple do spend some time quote unquote vetting applications, but they're certainly not doing a rigorous code analysis looking for subtle, embedded Trojan horses and integrity affecting vulnerabilities or just not doing that. They're certainly doing cursory, and they're doing a pretty good job of making certain that what is being put up in their stores is not blatantly and obviously inappropriate or malicious so we can depend on them to some degree. And certainly, the social grid that we're all part of allows for detection and very rapid dissemination should some application pop up that's violating of our privacy or security or whatever. So we do have some controls, but these four areas, MDM, devices, ISP mobilized infrastructure, and mobile app stores. Those are the kinds of things that if you're interested in mobile security, that you would be digging into. And I would encourage any of you if you have some interest here to use this light introduction to mobility security as a means for maybe digging in a little bit more deeply. Now as usual, we have a little quiz here to kind of test your understanding. Answers all of the above. But the bottom line is that unfortunately, mobility inherits many of the attendant risks that we just have on the internet. Then change that much, your mobiles a little mini computer. What's different is that it's using radio signals to hit a tower. From there, much of it remains more or less the same, which is why when people ask me about mobile security and what's different I said, well the architecture a little different, but the bottom line is it really does inherit many of the same risks. So I hope this has been a useful introduction for you. I'll see you later.
