Who is doing what on our mobile phones at any moment of the day? A new solution promises to shine a light on the murky goings-on.
A solution that allows you to see what’s happening behind the scenes on your mobile phones sounds both useful and scary. What really are all those apps doing, who is accessing the device at any moment in time, what data is travelling back and forth? A solution touted as “the world’s first mobile safeware” promises to bring much-needed transparency.
It stems from Ralph Echemendia, who goes under the title of “The Ethical Hacker”. Smarter Communities spoke to him at last week’s Money 20/20 show in Amsterdam.
The aim, he says, “is to turn everyone into a security guru”. He has been in computer security for 25 years, having started hacking at 14 years old “out of curiosity”. He has worked for many corporations but most notably in Hollywood, having initially been recruited to help tackle music hacking and from there into helping the director, Oliver Stone, among others, on a number of movies, including ‘Savages’ and Snowden’.
“The weakest link has always been people,” says Echemendia. They often change their behaviour online. Dr Mary Aitken, a cyber psychologist and author and who worked on the solution with him, refers to this as the “Online Disinhibition Effect”, aided by perceived anonymity. People take risks, she says, do things they wouldn’t do in the real world and this has an impact on security. And once the data is out there, there’s no getting it back.
In terms of awareness, the Facebook/Cambridge Analytica episode has been a tipping point, says Echemendia – http://smartercommunities.media/hindering-data-for-good-the-erosion-of-trust/ In the past, most people associated hacking with financial loss and, indeed, more or less all hacking is now for financial profit, he says. However, people now “don’t necessarily know what it means but they feel violated in some way”. From that perspective, it has been good for raising awareness, he feels.
“Consumers and their mobile devices are the most vulnerable,” says Echemendia. The solution that he is launching is called Seguru and will be available to download on a monthly subscription basis, along the lines of anti-virus software, from www.seguru.io. Machine learning will analyse potential threats, it will block malicious attacks and viruses, and it will send alerts.
Seguru will provide transparency so users can make informed decisions about other steps they might want to take. This could include applying blocking, removing apps and “geo-fencing” countries. It will follow the data as our mobiles are constantly communicating with servers around the globe.
“We asked a lot of difficult questions about how to communicate to the masses,” says Echemendia. He describes the resultant solution as “GPS for data”, visually showing the contacts and flows. Despite being an expert, Echemendia was surprised at what was thrown up. “It was an eye-opener even for us, who are technical and should know.”
The Bigger Picture
To put the threat into context, an estimated 1080 people are hacked every minute and the average detection time for a company that has been hacked (thereby exposing your data) is 206 days. Hackers are now targeting the cryptocurrency exchanges and could have a field day as the number of connections increases massively as the Internet of Things (IoT) becomes reality. Existing devices are exposed because they are old, in the field and hard to upgrade, says Echemendia. These include, he points out, satellites, many of which were launched a long time ago.
And being an Apple user is no longer as safe as it was, with a steep increase in the number of iOS attacks because it is now so popular.
Despite the levels of threat, there are not nearly enough people working in cybersecurity (one million unfilled cybersecurity job openings in 2017 according to Forbes magazine) and no one in senior management has cybersecurity expertise. “The reason we spend so much time with computers is because we suck with people,” joked Echemendia.
Who is responsible when something goes wrong in cyberspace, asks Aitken. We could learn from the environmental movement, she feels, where the onus is on corporations to prove they are doing no harm. “And when there’s a spill in cyberspace, it would be up to them to clean it up.” However, things move so fast that legislation cannot keep up, “so we need to be our own protectors”. With the new launch, at the end of July, perhaps here is a tool that can help with this.