Phone Hacking: A lucrative, but largely hidden history

I’m giving a talk at Defcon London DC4420 tonight. I decided to talk about the history of some stuff that is not really well known about outside of the mobile industry and a few embedded systems hacking circles.

For years, the mobile industry and its suppliers have fought an ongoing battle with people hacking mobile devices. This mainly started out with greyhat crackers from the car radio scene supplying tools to ‘reset’ your car radio PIN code (I’m not sure whether really driven by thieves or end users?).

This matured into SIMlock and IMEI hacking on handsets at the end of the 1990s, driven by very cheap pre-pay handsets. By the way, I was never a big fan of SIMlock, as it just increased targeting of the devices and it just wasn’t that sensible as the time we didn’t have the hardware available in the industry to protect it properly. Mobile phone theft (and re-enablement) was another driver.

Ordinary users were sufficiently motivated to want to pay to remove their SIMlocks and a cottage industry built up to serve it, supplied by tools from some very clever hackers and groups. This made some people very, very rich.

As skills have grown on both sides, the war between industry and the hacking community has grown increasingly sophisticated and tactical. Today it is mostly being played out within the rooting and jailbreaking community, but it looks like so-called ‘kill switch’ and anti-theft mechanisms will be a new motivator.

Anyway, I hope you find this taster presentation to the subject interesting!

Copper Horse Mobile Security Dinner – Mobile World Congress 2014

Another year and we’re back again. This year’s Copper Horse security dinner will take place as usual at a secret location in Barcelona on the 23rd of February. With some of the world’s leading minds in mobile security present, it’s the hottest ticket for Sunday night. Contact us if you’d like to attend, there’s a limited number of places. As always, we split the bill at the end.

This is far too early for the dinner and in the wrong location…

 

Mobile World Congress 2013 – The Copper Horse Experience

Copper Horse’s Mobile Security Intern Matt Williams experienced Mobile World Congress for the first time this year. Here’s his write-up on what went on out there:

It was that time of year again. When everyone in the mobile industry gathered in one place to exhibit, network and discover the latest updates in the ever-growing world of mobile phones. As usual, the Copper Horse team were there, from the Friday before the event to the Friday after. And here is a short summary of our experience of the largest ever Mobile World Congress!

The word “ever-growing” used earlier is a more than appropriate term to describe the current state of the mobile industry, as was evident by the scale of this year’s event. Mobile World Congress had moved from its previous home, the Fira Montjuic, across the city of Barcelona (the congress’s current and future host until at least 2018), to the substantially larger Fira Gran Via exhibition centre. The 2013 event consisted of nine Walmart sized halls, six of which were for exhibition stands, with the other three carrying out the roles of registration, a conference village and a theatre district. To walk from the Southern Entrance at Hall 1 to the Northern Entrance at Hall 8 would typically take 15-20 minutes; such was the enormity of the occasion. Consequently, a record 65,000 people were expected to attend (the final totals were over 72,000!). But prior to the new venue even being looked at, the Copper Horse team had a busy weekend of events to attend and people to meet.

The Weekend Before

After some initial settling in on the Friday and Saturday, consisting of networking, tapas tasting at local bars and collecting our badges, we headed up to the Nou Camp, home of Barcelona FC for a once in a lifetime trip to see them play. Along with some other industry colleagues we watched them beat Seville 2-1 in a hard fought game.

Copper Horse’s team were now ready to attend the first mobile-related event of the week – Innovation on the Fringe at MOB (Makers of Barcelona). Hosted by Heroes of the Mobile Fringe, Innovation on the Fringe is the speed-dating equivalent of mobile app demonstrations – time-wise at least! App demonstrators had two minutes to present their ideas, with a further two minutes of questions from an audience containing potential investors. A wide variety of ideas were presented – from neighbourhood change to online authentication with pictures.

Copper Horse’s main role in the event was not to witness the app presentations, but to give out an inaugural award. Namely, the Dead Technology Award – A golden calculator trophy presented to the technology that has either died off or flopped spectacularly in the past year.

Essentially the tech equivalent of the Golden Raspberry Award (Razzie) for Worst Film, attendees at the fringe event were given the opportunity to vote from a shortlist of nine nominees via SMS. At the end of the event, it was decided by the audience that Sony Ericsson’s demise as it was finally subsumed into Sony was to be the first ever winner of this prestigious title. And so it came to be that Sony Ericsson was propelled into Silicon Heaven (as they say in Red Dwarf). So congratulations (or should that be condolences?) to the now ‘deceased’ Sony Ericsson! RIP. You can watch the video of the shortlist below:

It was a quick dash for some filmed interviews, then back into town. Later on in the evening, it was our turn to become the host, as Copper Horse welcomed security experts from around the world to attend a dinner – now a well-established MWC tradition! The opportunity to talk with other experts in the field was a hugely interesting experience and the event took place at one of Barcelona’s top restaurants. This year’s security dinner provided a great insight into the week ahead at the Fira. And no sooner had the weekend arrived, then it was time for the congress to officially begin.

Monday

The primary focus of the first day of Copper Horse’s MWC was the Mobile Security Forum sessions held in the Theatre District of Hall 8. Security sponsors that included AdaptiveMobile, antivirus vendor AVG and network solutions provider Juniper Networks all held individual talks and panel discussions in relation to the world of mobile security. The topics debated were:

          Securing the Borderless Network
          Consumer Mobility and Privacy: Monetization without Alienation
          Offense or Defense: Security in an LTE World
The evening saw a great event hosted by Box. More security, good Tapas and red wine rounded off an excellent first proper day of MWC.

Tuesday

On Tuesday morning, Copper Horse Director David Rogers chaired the UKTI event “Cyber Security in theMobile World” – a seminar that identified what is meant by “Cyber Security” for mobile devices and networks, what is on the horizon in the context of threats, how genuine the threats are and what security methods could be put into place to make businesses and consumers more secure.

Following on from this were the Global Mobile Awards – We’ve already had the technology equivalent of the Razzies, now it was the turn of the best of the best to be recognised in the mobile industry equivalent of The Oscars. Over six hundred entries and nominees were in contention for the thirty-seven honours. Copper Horse judged in the ‘Best Mobile Safeguard & Security Products and Services’ category, which was won by Adaptive Mobile and Syniverse.

 

Among the other awards given out were Best Smartphone to the Samsung Galaxy S3, Best Mobile Tablet to Google and Asus for the Nexus 7 and the Judges Choice for Best Overall Mobile App to Waze, a mobile navigation app that allows users to add and see real-time traffic updates. The awards, hosted by comedian David Walliams, concluded, after which the team wound down the day at the annual Northern Ireland Beers and Scottish Whiskies – networking events held in close proximity to one another, in the UK section of the Hall 7 exhibitors.

Wednesday

Wednesday was a busy day for the team, with lots of meetings and events. It featured an early morning start at the MEF Kaspersky Breakfast Briefing. This session focused on the latest threats to app users, highlighting the most recent developments in mobile malware. A roundtable discussion and a series of presentations highlighting the scope of the threats took place. The main point to note was that the threat of mobile malware has never been greater, as there were approximately 4000 cases of it reported in 2012, of which 93% were on the Android platform. One of the primary reasons for the large number of cases being on Android devices, in addition to the fact that it is such an open operating system, was that many users ran older versions of the platform, which no longer had the necessary patches available. Overall, the breakfast was a very interesting event to attend.

In the afternoon, the GSMA’s Pat Walshe hosted an event ‘Mobile App Privacy: What’s Your View?’ with speakers from AT&T, Rovio (the makers of Angry Birds), Mozilla and the App Developers Alliance. There was some robust discussion, but there was a clear view that app developers need to focus on their own software quality and pay attention to security more seriously. There was also a good discussion on how small companies suddenly have to deal with regulators and lawsuits and what that growth experience is like.

After attending a few networking events in the evening, the day concluded with one of the best Barcelona parties – Swedish Beers. It’s a great chance to connect with other people as the week at MWC begins to draw to a close, particularly if you find one of the sponsors, who has the free drink tokens!

Thursday

Thursday was the quietest day of the four during MWC. Whilst some visitors had seen what they had come to see and departed Barcelona, there were still plenty of events to explore and exhibitors to meet. Mobile Monday operated a continuous run of presentations, discussions and talks until the congress reached its 4pm closing time, whilst WIPJam saw mobile developers meet for a busy day of storytelling, pitches and demos. Just to show how busy the event was, meetings carried on right up until the last minute of the show. In the last formal Copper Horse meeting of the day, the Fira staff were taking up the carpet and removing screens while the meeting was still going on! The day ended with a quiet Paella (where another ad hoc meeting happened (!)) before a good night’s rest before the journey home. 

Friday

Inevitably, the airport on Friday morning was chaos, with thousands of exhausted delegates desperate to leave. Some more accidental meetings at the airport and then finally, arrival in the UK!

All in all, MWC 2013 was a terrific experience and the busiest year yet for the Copper Horse team. Now starts the planning for next year!  

Only fools eat horses

There’s a scandal raging across the UK and Europe at the moment involving horse meat which has been passed off as beef. Lots of retailers have been affected as well as pubs, prisons and schools. There was also a worry that people would ingest the painkillers used for horses.

This whole issue is primarily a point about food labelling – people were expecting beef and they got horse, but the other point is that this food was really cheap, so the pressure within the supply chain to get cheap ingredients was very high. This was highlighted again in today’s Sunday Telegraph article: “Why meat can no longer be considered a cheap commodity“. Mark Price, the CEO of Waitrose says in the article that “if.. ..there is a requirement to hit a price point for consumers under financial pressure then there will be an inevitable strain in the supply chain. If the question is “Who can sell the cheapest stuff?” I’m afraid it is inevitable that there will be a slackening of product specifications”.

You get what you pay for

This is also the case in other industries. The mobile industry has for years been ruled by the device purchasers of the mobile network operators. Inevitably, on the security side they don’t want to pay for it. This is because a) they don’t understand it and b) they don’t see the consequences of not having the security included. It has only been recently that there is a ‘mild’ expectation that security is included, but it should be part of the standard feature set. This is also the attitude of the consumer (rightly). Customers have the right to expect that what they buy is safe and secure and isn’t going to harm them. They also expect that if a bank provides them with a secure banking app, that it does what it says on the tin – that it is labelled correctly and they’re not getting horse meat when they paid for beef.

Supply Chain Value, Integrity and Security

The race to the bottom of the mobile supply chain has been typified by the first thing to go, security – security in terms of secure hardware components that add $1 to the bill of materials and security that is gained through software quality – proper security testing and secure coding costs money. You can see this in many areas of the mobile industry, from equipment vendors who sell really poor quality product at super-cheap prices for inclusion inside the mobile networks, through to femtocell vendors and device manufacturers who again sell devices without adequate security which end up in consumer hands. Not only this but the supply chain integrity of such cheap products is questionable – what if the chip that you thought was made by Qualcomm was actually a counterfeit device? What are the implications for security? One of the key questions for cyber security is the security and integrity of the supply chain for key equipment. Another should be what the acceptable level of security is in equipment sold to consumers and how to assure that.

You Get What You Pay For

The same applies to mobile applications. The economics of the current apps ecosystem just don’t stack up properly. For mobile apps stores to test every application properly would cost more than the companies would make for them and the vast majority of apps are free. So what incentive is there for anyone in the apps supply chain to securely code them or check that they are ok? Luckily in the main app stores there is (at the moment at least) an adequate level of testing and checks in place, but for the rest of the world that don’t have access to those app stores, the situation is dire. Just as with the horse meat scandal, it is the poorest people in the world that suffer the most. They have no choice – they’re almost forced to download apps from questionable sources and they’ve got to like it, because there is no other choice for them. Unlike the food safety world, the weird situation in the app environment is that you also have an industry that constantly tells consumers that they might be eating horse (even though they’re not) – that is the anti-virus industry. Also, completely unregulated and free to make unsubstantiated statements by making incredibly tenuous links to rare incidents in other countries that are not linked to the phone you use. This wanton manipulation of statistics for profit is as irresponsible as selling poor quality and mis-labelled products and needs to be reined in.

Horse Meat for Beef Prices

A few years ago when new European health and safety legislation was introduced around abattoirs in the UK, the smaller abattoirs were up in arms saying that they couldn’t afford to implement the new rules. They also argued that consumer choice would be impacted as only the big abattoirs would be able to supply, what would be a limited choice of meat. However, look at this from the consumer point of view – what they’re really saying is that they can’t meet adequate requirements to supply you meat that isn’t going to harm you. What would you want: safe meat or a bit more choice?

With global austerity in full swing, scrimping on things that people don’t consider to be essential is going to happen. The problem is, security in mobile communications products is essential these days for lots of reasons. Perhaps there need to be minimum standards for industry around getting ‘adequate’ security in order to prevent this race to the bottom for cost reasons. As a consumer, I’m paying beef prices and often getting horse meat.

Copper Horse Mobile Security dinner in Barcelona – 2013

Well here we are again, preparing for more Mobile World Congress mayhem in Barcelona (albeit at a new venue).

We’re running our annual Copper Horse Mobile Security dinner on the Sunday night once more (that’s the 24th this year). The event will held in a secret location in Barcelona from 9pm onwards. Expect experts on security and mobile and some generally good intellectual conversation (unless you’re sat next to me!).

Definitely not being held here

Use the contact link above to get in touch if you’re interested in coming along. An important point to note – we split the bill at the end, so this is not a free meal 🙂

An interview with a tech journalist

I was slightly misquoted in an article yesterday on mobile malware, so I thought I’d re-post my exact responses to the journalist as I spent a fair amount of time out of my evening to respond to the request instead of relaxing! With Mobile World Congress coming up, some of the topics covered are relevant to things that will be discussed in Barcelona.

Good tech journalism?

My comments were in response to a BlueCoat Systems report on mobile malware that came out the on the 11th of February. I didn’t get the chance to see the report until the very end, so my last comment is based on my skim read of the report. The questions you see below are from the journalist to me.

Here was my response (me in blue):

Here are my responses, let me know if you need anything else. I didn’t read the report yet.
They are marked [DAVID]:

David –

I’m doing a story on a recent report from Blue Coat about mobile malware. No link yet.

My questions, if you have a few minutes:

It predicts that delivery of mobile malware with malnets will be a growing problem this year. Agree? Why or why not?

[DAVID] It’s possible, but the question is really ‘where’. Most mobile malware has taken root in places like China and Russia where there has been traditionally a lack of official app stores, (which has only recently changed). It’s like the wild west out there with a complete lack of controls on the ingestion side to check that developers aren’t peddling malware and on the consumer side because the devices are outside the ‘safe’ app store world we see in the West.

So we almost have two worlds at the moment: the first is the western world, mainly the Europe and the US where generally no-one gets infected (a tiny, tiny percentage of maliciousness gets through the official app store checks or gets intentionally side-loaded by the user, usually when they’re trying to get pirated software!). The second is the vast majority of the rest of the world, usually poorer countries where the controls and regulations on piracy and malware are lax. It is like putting a street market next to a high-end city shopping mall. The mobile industry isn’t static and will continue to evolve in terms of security and threat management both on the network and device side when it comes to the potential for botnets (at least in the more controlled environment of the West).

It says mobile devices are still relatively secure at the OS level, but that users are “set up to fail” because it is more difficult to avoid phishing –  URL and links are shortened, passwords are visible to an onlooker when you enter them – apps are not well vetted and mobile versions of websites are often hosted by third parties, making it difficult to tell which are legit. Do you agree? Why or why not? And if you do agree, is there anything developers ought to change?

[DAVID] Mobile OSs and their underlying hardware are getting very advanced in terms of security which is great news. The problem is that there hasn’t been enough invested into educating developers about how to develop secure software and in most cases the tools and libraries they use are not designed to help them make the right security decisions, resulting in very basic flaws which have serious security consequences (for example poor implementation of SSL). For some, it is just too difficult or too much effort to bother putting security in from the start. We need to break down that kind of mentality and I think we really need to improve considerably in terms of ‘cyber’ security skills around for mobile developers. In terms of usability and the lack of screen real-estate, then yes developers have a role to play in helping the user make the decision they want to – some QR readers now present the ‘real’ URI behind a shortened one in order that the user can decide whether that was what they were expecting.

Users can be very impulsive when it comes to mobile, so you have to try and save them from themselves, but balance this with not resorting to bombarding them with prompts. Human behaviour dictates that we’ll susceptible to social engineering and will get over any hurdle presented to us if the prize is worth enough (something which is called the ‘dancing pigs’ problem). This is a real problem for both the OS and application developers. One thing that hasn’t really been deployed yet in the mobile world is trusted 3rd party management of policy. Users could choose a policy provider they trust to take the security management problem away from them. Obviously it can’t solve everything – the user has to take responsibility for their own actions at some point, but it will go a long way to resolving current issues permissions and policy with mobile platforms. The key to it all is that the user themselves has to be ultimately in charge of who they choose as a policy provider, not the operator, OS vendor or manufacturer.

There’ll always be attackers – the arbiters of trust in the mobile world have great responsibility to the millions of users out there and they themselves will become targets. I like the way that Google Bouncer (the automated security testing tool of Android apps being submitted by developers) has now become the target of attacks. To me, Google have forced attackers back away from the ‘Keep’ to the castle walls which can only be a good thing.

[I’ve lumped all these questions together]

The report says user behavior is the major weakness. Hasn’t this been the case all along?

Is there any truly effective way to change user behavior?

Is it possible for security technology to trump user weaknesses? If so, how?

[DAVID] Yes user behaviour is a weakness, but usability and security don’t usually sit well together. Developers should not just consider the technical security of an application but make security as friendly and seamless as possible from the user’s perspective. Resorting to prompting is usually the lazy way out and it pushes the burden of responsibility onto a user who probably doesn’t have a clue what you just asked them. I think OS level and web APIs could benefit from different design patterns – how about building in more intelligence to the responses? For example in a geolocation API a developer could ‘negotiate’ access by understanding what the user is comfortable with, all in the background. This avoids binary behaviour – for example: apps, that fall over if you don’t enable geolocation and users that never install apps that have geolocation. Both situations are not very good for helping the apps world advance and grow! However, if the user had been able to say that they were happy to share their location to city level, then the API could negotiate the request from a developer for location down to 1 metre by offering up city level instead. It would make for a much smoother world and would apply very easily across many different APIs.

If a user makes a critically bad decision, for example going to an infected website, I think Google have taken a strong lead in this respect by clearly showing to the user that really bad things are happening. Perhaps this could extend to other things on mobile, but we still need to get the basics of security right first from a technology and manufacturer’s perspective. I think some manufacturers have a long way to go to improve their security in this respect.

It says users will go outside VPNs if the “user experience” is not good within it. Is it realistic to expect enterprises to make their user experience better?

[DAVID] I think there are some interesting things coming along in terms of more ‘usable’ VPN technology, but usually the reason a VPN doesn’t work is a technical one that an ordinary user isn’t going to understand. They just want to get their job done and may take risky decisions because there are generally no visible security consequences. Most people in big companies have to deal with inflexible IT departments with inflexible policies. The intrusion into people’s own lives with the introduction of BYOD has muddled things further. I can certainly see more societal issues than security ones for the overall user experience – for example it might be very tempting for companies to start intruding on their users if there is a big industrial dispute involving unions. I don’t think these questions have properly hit companies yet, but mobile companies like RIM are looking at proper separation of work and personal life from a technical point of view, after that it is really down to the paperwork – the rules of use and the enforcement of those.

The report said Android is more vulnerable to attacks because of unregulated apps and the diversity of Android-based devices. What, if anything, can/should be done about that?

[DAVID] Well to a certain extent yes, but this has been vastly overplayed by anti-virus vendors desperate to get into mobile. The vast majority of maliciousness has been caused outside of the trusted app store world that we see in the US and the UK. I wouldn’t have designed the app signing process in the same way as the Android guys did, but then identification of individuals can be difficult anyway – I know lots of registration systems that can be broken just by photocopies of ‘official’ documents. Google wanted a more open ecosystem and you have to take the good with the bad. In terms of the diversity or fragmentation in Android, this could become an issue as device lifecycles get longer. The mobile industry is looking at the software update problem and rightly so. For the network operators it is going to be a question of how to identify and manage out those threats on the network side if it comes to it. I don’t think software upgrade issues are confined to Android but we don’t want any of the industry to lag behind because in the future there is nothing to say that huge distributed cross-platform (automotive, mobile, home) threats could exist, so we should pay attention to resilience and good cyber house-keeping now before it is too late.

Sorry to be on a deadline crunch – 5:30 p.m. EST today.

And my final comment to the journalist after I’d seen the report:

So just had a quick look through, only one final comment:

One thing that we all should remember is that the bad guys are not the mobile industry – it is the people who perpetrate malware, spam and scams. At the moment, cyber criminals run rings around law enforcement by operating across lots of countries in the world, relying on fragmented judicial systems and the lack of international agreements to take action. We should build the systems and laws through which we can arrest and prosecute criminals at a global level. 

I hope readers find it useful to see what I really wanted to say – I don’t claim to be right, but these are my opinions on the subjects in question. Readers should also understand how much effort sometimes gets put into helping journalists, with varying results 😦. If you want to read the original article and compare my responses with the benefit of context, you can find it at CSO online.

IET Security for Mobile Devices – 20th June 2012, London

Next Wednesday, I’ll be chairing the Institute of Engineering and Technology’s Security for Mobile Devices event, which takes place at the impressive RIBA building in London. With topics ranging from the complex subject of mobile forensics to the good and bad of Bring Your Own Device (BYOD) policies in businesses, it is going to be an interesting day with some lively debate. I’m also pleased with the stellar line-up of speakers there. The programme includes:

  • An opening address by Mike Short of Telefonica (and also President of the IET)
  • Charles Brookson – the GSMA Security Group Chair
  • Former RIM Security Research guru and bluetooth hacking pioneer, Ollie Whitehouse
  • Head of the Metropolitan Police’s Digital and Electronic Forensics unit, Mark Stokes
  • Co-Founder of the Trusted Computing Group (TCG) and CEO of Wave Systems, Steven Sprague
  • …and many more excellent speakers and panellists!
I’m really excited about the event. There are a few places still available. To sign up, head over to this site: http://conferences.theiet.org/mobile/registration/index.cfm

Mobile World Congress – RIM Porsche fun

I promised you all that I’d publish an amusing story about the RIM Porsche 911 at Mobile World Congress last week. For those who don’t know about the background, RIM purchased QNX in 2010 who just happen to also do the embedded software for Porsche and others. There is a video explaining all that stuff below:

I was very impressed by this demo by the way. The coolest part is the live map of the Nurburgring giving you the right braking points because of the GPS link-up (if anyone is reading this from Porsche or RIM I would love to take it round the Ring by the way!).

Anyway, so I was standing there, the Porsche was sitting there unattended as was the Blackberry handset that was part of the demo. I can tell you that the password for the Blackberry was not “porsche” ;-). I opened up the glove box and had a quick look inside only to be presented with a Cradlepoint WiFi router filling the entirety of the space inside:

RIM Porsche glove box

Staring at me from the top of the router was a white label on the top. I’ve enhanced this in the picture below so you can see it properly. Yes, that’s right, they had a label with a default password (a reasonably weak one too) stuck to the top of the router! 🙂 Obviously I’ve blanked out the actual password in the pics:

Default password anyone?

Now I just want to say here that if anyone from RIM is reading this, please do not crank this up as a security incident or go mental at the QNX guys, this is just an amusing story. After all, it’s a demo and chances are the default password was not being used, someone had probably changed it.

Security is only as good as its weakest link

However, here is the serious bit – with all the convergence of mobile tech and the emergence of connected homes, cars and cities, it just goes to show that security is often only as good as its weakest link. That may not be the mobile technology itself, just something it’s connected to. Oh yes, another security message here – don’t leave phones unattended on trade show stands and always lock your glove box!

Cyber Security at Mobile World Congress

Here is a re-post of the blog I did for the Smart UK site (@smartukproject) in preparation for Mobile World Congress. I’m doing quite a few things out there, but I’m looking forward to this on the Tuesday morning (28th), it is going to be a great event,. There are still places available and I encourage anyone interested in mobile security and fraud related topics to sign-up.


The UK government recently published the Cyber Security Strategy. What implications does this have for the mobile industry and society at large? With the mobile device at the centre of nearly everyone’s life, the integrity of mobility is paramount. The mobile industry has weathered a variety of security incidents over the years but has been relatively successful in comparison to other industries. Can any lessons be learnt from the past successes of mobile that will help for the future? Is the industry living on borrowed time?

This year’s UKTI and ICT KTN Mobile World Congress seminar: Cyber Security in the Mobile World; will look at the vast array of subjects which now come under mobile security – including cyber bullying between children, fraud against telephony systems through to emerging technologies such as machine-to-machine and LTE infrastructure. Crossing all of these varied topics are industry needs such as the lack of security-aware software engineers and the need to prosecute criminals who defraud or attack electronic systems.

While the mobile industry has made great efforts to learn the past mistakes of the PC world in terms of security, the anti-virus industry has reached saturation in its traditional space. Do mobile devices really need anti-virus or can newer operating systems and technologies negate the need for this type of end point security? Can these companies transform their business models to the changing mobile security landscape and continue to provide a useful service to consumers? How can application stores and developer programmes be improved?

We are pleased to have some of the world’s leading mobile security experts speaking at the event next week. Make sure you sign up as soon as possible in order to reserve your place.

David Rogers runs http://blog.mobilephonesecurity.org. He is also advising the UK Department for Business, Innovation & Skills on Cyber Security for mobile.