Mobile IP Security

Until the latter part of the first decade of the 21st century, mobile phones were predominantly voice only. Yes, people could use them to send text messages and download ringtones and wallpapers, but that was about it. There was only limited support for data—and at rates and throughput that were prohibitive.
The advent of 3G networks made high-quality Internet access from a mobile device a reality. Such was the rush for mobile Internet communications that data traffic now supersedes voice traffic on telecom providers' networks. With data networking as the new cash cow, telecom providers have focused their strategy on delivering high-speed data transport and services.

Unlike previous devices, however, these new 3G devices could not be locked down. Now the owners of these devices could download applications that used any nearby WLAN to send and receive data, bypassing the telecom operators' expensive data plans. Providing free WLAN access became a great cheap marketing tool; WLAN hotspots have since sprung up in shopping malls and leisure areas across the country.

Unfortunately, cybercriminals were not far behind. They found a vast array of new victims congregated in these areas—particularly teenagers. These kids quickly discovered the joy of instant messaging and other communications over a free WLAN infrastructure, thereby becoming easy targets.

This was mostly because phone manufacturers made instant and easy access a higher priority than basic security. As such, smartphones and tablets were enabled for Bluetooth discovery out-of-the-box. The criminal element rejoiced, as they now had direct access to these devices, which they could surreptitiously use to make voice calls, send data, listen to or transfer calls, gain Internet access, and even transfer money. The full menu of Bluetooth attacks was at the attacker's fingertips, including bluesnarfing (in which an attacker gains access to the contacts and data stored on the phone and redirects incoming calls) and bluejacking (in which an attacker sends unsolicited messages to other Bluetooth devices). These types of attacks were common on 2G mobile devices with Bluetooth in 2002 and 2003.

Today, mobile phones are no longer shipped with Bluetooth enabled in discovery mode. In addition, security has been hardened to prevent unauthorized connections and remote access to the phone's features. Confidence is such that smartphones are trusted for use in e-banking, e-commerce, and e-mail. Despite these improvements in securing wireless mobile devices and the underlying radio networks, however, there is no room for complacency. Cybercriminals, who have become adept at intercepting signals over unencrypted wireless networks, are never far behind.