Holders of Nigeria’s 120 million mobile lines see operators as being predominantly responsible for protecting them from a range of security threats to which they are increasingly vulnerable as the penetration of smartphones and mobile broadband rises, according to a new report from Informa Telecoms & Media.
Twenty-five percent of the country’s mobile subscription base uses smartphones, says TNS, a global market research firm, adding that 47 million mobile data users are currently on telecommunications operators’ network in the country. According to the report, telecommunications operators are partnering with security software providers to provide their subscribers with parental control capabilities as well as protection against threats such as malware, phishing, fraud, spam and the theft or loss of their devices.
BusinessDay gathered that operators such as MTN, Airtel, and Etisalat are working in earnest with mobile security vendors such as McAfee, Kapaskey, Symantec, and Gemalto in multiple markets.
“The growing penetration of smartphones and mobile broadband has led to the situation where subscribers are finding themselves at risk from a range of potential threats, particularly smartphone subscribers with Android devices,” said the report’s author, Pamela Clark-Dickson, senior analyst, Mobile Content and Applications at Informa.
Android-based devices were forecast to make up the highest share of the 1.02 billion smartphones sold globally in 2013, at 63 percent, or 643.6 million devices, according to Informa’s Future Mobile Handsets Interactive Forecast Tool, 2012-2018 (August 2013).
Gordon Love, regional director for Africa, Symantec, a cyber security firm, told BusinessDay at a recent forum that Nigeria does not really appreciate the magnitude of cybercrime and how it can derail an economy.
“Over 20 million malicious threats and attacks were released into the cyberspace in the last 12 months. These threats are currently here in Nigeria,” Love said.
He added that Nigeria has become a target for cyber criminals globally, explaining that the growing economy, increase in bandwidth capacity and the proliferation of mobile devices were some of the reasons the country was such a huge attraction.
Hackers target the widest possible addressable market with sophisticated attacks, and Android is indeed a target because it is based on an open-standards operating system, which makes it easier for hackers to penetrate.
According to the report, mobile subscribers are increasingly installing applications on their devices, some of which may contain malware and malicious software bred for one single purpose. There is also a growing trend towards subscribers storing more sensitive data on their smartphones, such as payment details, which unauthorised third parties could potentially access and then use to commit fraud or theft.
The increasing sophistication of smartphones, however, also makes it easier for criminals to prey on the vulnerable, particularly children.
Nigeria has become a major advocate in Child Online Protection. Last year, Hamadoun Toure, secretary-general of the International Telecommunications Union, appointed the First Lady of Nigeria, Patience Jonathan, as ITU’s Child Online Protection (COP) Champion.
Rock Adoke, head of IT (security & research), also warned of possible attacks targeted at mobile phone users via the telecoms operators’ Over-The-Air (OTA) settings, which are methods of distributing new software updates, configuration settings, and even updating encryption keys to devices like cellphones and tablets.
According to him, with the growing trend in electronic commerce, fraudsters were throwing spanners in the works of notable operators’ OTAs, targeting passwords and other credentials of phone users.
Technically speaking, over-the-air service provisioning (OTASP), over-the-air provisioning (OTAP) or over-the-air parameter administration (OTAPA) provides handsets with the necessary settings with which to access services such as WAP or MMS (Multi Media Service) or other internet configurations.
“SMS gives you the ability for OTA settings; that is what operators send to their subscribers. It is also a system that businesses and companies use to safeguard against staff using social media networks while incorporating Bring Your Own Device (BOYD) platform. In the consumerisation of Information Technology (IT), BYOD is a phrase that has become widely adopted to refer to employees who bring their own computing devices – such as smartphones, laptops and PDAs – to the workplace for use and connectivity on the secure corporate network. This trend comes with a lot of security issues for the enterprise. The setting allows you have access to the internet at a point in time,” stated Adoke in a report.
“What the fraudsters do is to download the OTA settings, which is not more than N300, send out messages to people and they respond in droves. The idea has been that once you see that setting, it is from a valid telecom operator, because we use it to browse.”
According to the security expert, hackers are cashing in on the lapses in telcos’ OTA positioning. “When they have succeeded in setting the proxy account, whatever the target is doing will be passing through their channels. That is what they call ‘over the air positioning exploits’. Let the target use it for any bank transaction, they will see the user name and password through ‘factor authentication’,” he added.
Ben Uzor Jr
