Wireless Networks Have Growing Hacker Appeal
Citing his recent research that shows a flattening, or even a slight decline, in concern about security by wireless operators, Donegan warned that this is not a time for complacency.
“What we have seen to date is still just early skirmishes,” Donegan said. The professional crime element that creates most of the security threats today has been “toying” with wireless attacks, because they still see much greater economic rewards in attacking Windows-based PCs, he added.
The diversity in smartphone operating systems has actually worked in the wireless industry’s favor to date, Donegan said, because no one type -- Apple, Android or Blackberry -- represents a market large enough to compete with Windows-based computers. But that is rapidly changing as smartphone adoption increases, and more interesting -- and potentially lucrative -- information is being distributed to wireless devices.
LTE networks, in particular, are more vulnerable to security threats for multiple reasons, Donegan warned. For one thing, there is “an army of hackers” already schooled on attacking IP networks that can now turn their attention to the wireless realm. In addition, the reach of LTE is being extended with the use of small cells, that will be attached to light poles and buildings and more easily accessible to potential threats.
”And while encryption in 3G networks terminates at RNC, in LTE, encryption terminates at the base station,” Donegan said. “That creates a need to introduce IP Sec into the network, which is quite challenge.”
Donegan’s advice to the industry was straightforward: The cellular community has led the telecom industry in developing security, including the first end-to-end encryption of communications, and needs to build on that heritage in a systematic way that neither overreacts to individual threats or becomes too complacent about the larger looming issues.
Understanding the next wave of threats that is coming is critical to the industry if wireless is to develop lucrative new markets, such as mobile commerce and mobile health, he said. Pointing to comments made earlier in the year by AT&T Inc. (NYSE: T) Chairman Randall Stephenson that security is the “long pole” in the tent of advanced services such as m-health, Donegan urged mobile operators to try to make their networks “bullet-proof.”
“The health industry will take zero risks,” he cautioned.
Donegan also advised creating a chief security officer position, and making sure security is incorporated into every aspect of the network operation, and not considered a separate operation or “add-on,” but a critical function.
Further coverage from Light Reading's Mobile Network Security Strategies event:
— Carol Wilson, Chief Editor, Events, Light Reading