The first group of mobile devices appeared in the mid-nineties and provided personal organisation applications. These were called PDA’s (short for Personal Digital Assistant), they were a digital version of the Filofax, or diary. There were several of these around until they just fizzled out as an alternative to paper-based diaries or organisers.
This is an edited transcript from a video blog recording of Sarb Sembhi, CTO and the CISO for Virtually Informed, and his co-host Nick Ioannou, Director of Boolean Logic.
When mobile phones took off, Microsoft created a mobile version of Windows to run on a mobile phone. This offered users an opportunity to connect to Wi-Fi, download apps, receive email, read documents, amongst other things.
"Most Organisations were not ready to deal with opening up their networks to personal devices, but it happened nonetheless."
However, things were still not that interesting for Organisations to consider using mobile devices in large numbers, this changed quickly when devices like the Blackberry, iPod, iPhone and iPad and Samsung devices were introduced, because these new breeds of devices created for “Bring Your Own Device (BYOD) into Organisations. Most Organisations were not ready to deal with opening up their networks to personal devices, but it happened nonetheless.
The transition from dumb devices and smart devices brought with it two dominant operating systems (OS) which obscured the others to an early retirement. These two operating systems very early had realised that to win over users, they had to make the OS as open as possible to application developers, as the more apps that are available would attract more users.
This opening up of the OS was not just the OS, but essentially opening up of user data, in the contact list, in the accounts users created, what apps they downloaded, and so many other things, which some big tech took full advantage of. Privacy was the casualty of this OS war to win over customers through applications on the platform.
Security in the OS and the Apps was not even an afterthought, as the OS platform owners themselves collected vast amounts of data without permission. Although, some of this has changed due to legislation (and a belated realisation that taking our data was wrong!) now the OS platform owners seem to be promoting more effective security and privacy.
Over the period of this quick overview, what has happened is that mobile devices can now represent individuals, as they can be used to access all the services that they subscribe to, pay for things in shops, transfer money to other people and accounts, reset our services via email or messaging, verify who we are (our identity) use electronic tickets to travel on trains and planes, control who gets into their home while they may be on the other side of the world, see who is going in and out of their home, control heating and lighting and energy in their home, etc.etc.The list is endless.
Our mobile devices are a representation of us, the more we use them for all the services that are available for them. So, the more applications and services we subscribe to on our mobile devices the more it is capable of becoming us in our absence. Is this risky for Small Organisations?
Attacks to mobile devices
Attacks to mobile devices have existed for many years, and since they first started to use of the devices for so many other functions, services, etc. has made them even more valuable as attack targets - not less.
This is only likely to increase not decrease, given that we already use them to do the following: