This action might not be possible to undo. Are you sure you want to continue?
Obrero, Davao City
Assessment 5 ES 310 Elective 1
Submitted to: Engr. Cristina Enriquez
Submitted by: Ann Juvie S. Papas
September 23, 2010
Mobile Commerce Overview: Why mobile is changing the way business happens?
Over a decade, mobile phones have changed the way we live and work. On the other hand, it is the personal freedom that the mobile phones share it to us, where the people’s confidence emerge the way they want to be and who want to be. Many people consider their phones as an extension of their personal attributes, and through phone we can view what personality is she/ he inhibits. Mobile phones are connecting people more than ever before and becoming a substance to glue and hold the social interactions of one’s place. Like internet, mobile phones made our transactions available 24 hours a day, 7 days a week. It gives us countless opportunities for the businesses to connect to their costumers and build a meaningful relationship with businesses. There are over 3 billion mobile phones worldwide. Almost 40 % of our total populations carry mobile phones (Informa, Nov 2007). By now, since the adaption of mobile phones continue to grow, we have 4 billion people are now currently using their mobile phones. On some other countries, mobile phones are replaced within 18 months (2006, Semiconductor Industry Association). Companies who sell mobile devices also do some technical improvement and attached some features like camera and introduce in the market very well.
Mobile Phones: Revolutionary Devices
The evolution of the mobile phones is rapidly changing, from simple to complex where the market has enormous choices to choose from. The combinations of more powerful devices forced the mobile service operators to bring their infrastructure one step ahead especially the mobile network connections (such as 3G networks able to carry large amounts of data at high speed as broadband connections do for computers). In most markets, phones with the characteristics below are already becoming available:
A communicative device
Ever since mobile phones are intended to give a good communication whatever ways it provide either through voice, email or short message services (SMS). A connective device This could be through the availability of the Bluetooth or MMS. Mobile phones can transfer or connect to other sources of data to other phones. This is also important in mobile email transaction, however the limitations of transferring big size of file is still the issue of materializing a good connections. A transactional device Mobile devices could serve as a good arena to do transactions especially banking transactions. That’s why we have electronic wallet that is available in our phones that can be used as payment device. An intelligent device Mobile phones fuse a lot of complex features like camera, internet connection and even location finder (GPS). Internet connection is available if you have queries to allow you to
browse and interacts depending on the request. As time passed, mobile phones serve us as an agent of change, tools that facilitate connecting things in the physical world to information about them in the digital world.
What is M-Commerce?
Advances in wireless technology increase the number of mobile device users and give pace to the rapid development of e-commerce using these devices. The new type of electronic commerce conducting business transaction via mobile terminals is called as mobile commerce or m-commerce. Due to its flexibility, easy to disseminate information, personalization and even the unique physical characteristic of mobile devices made this a type of commerce very famous and leave a big impact to the world of conducting a business. The emerging of mobile commerce operates in an environment where the connectivity becomes faster and furious in anytime, anywhere and anyone that become a subject who conducted business and make used as a strategy and eventually generates a good revenue packages into their business. For example, according to Guy Singh (2000), the global mobile commerce market is expected to be worth a staggering US$200 billion by 2004. The marriage of mobile devices and the Internet is, however, filled with challenges as well as opportunities. Definition "Mobile Commerce is the use of information technologies and communication technologies for the purpose of mobile integration of different value chains an business processes, and for the purpose of management of business relationships.“
Due to its finite characteristics better than the other commerce, many companies became more interested in mobile business that viewed it as unexplored market and attached to it is a huge potential profit. Many countries up to date still competing and even established a large area to do their strategy. Countries like Japan and in Europe are already witnessing the success of mobile commerce. In Japan, the NTT DoCoMo's iMode phone has issued a great success highlighting the application of wireless technology to a business world. In recent year, the iMode phone established a continuous connectivity to the Internet that attracts almost 13 million Japanese citizens particularly the youth sector. Europe has also accepted a simple transaction using Short Message Service (SMS) that made an e-mail transaction very easy and reality, and even the Wireless Application Protocol (WAP) that manages the web browsing and other industrial applications to communicate wirelessly. A retail study from AT&T Inc.’s Sterling Commerce and ecommerce service provider Demandware Inc. found that consumers are increasingly turning to mobile devices to add deepness and convenience to their in-store shopping experience. The independent survey, which examined consumer tastes and positions surrounding mobile shopping, found that 15 percent of consumers have used their mobile devices to make purchases. However, the study also found that concerns around security and ease-of-use threaten the progress of mobile shopping and payments. “The key finding is that 15 percent of all mobile phone users—not just smartphone users—made a purchase from their mobile phone,” said Adam Forrest, product marketing manager at DemandWare
Woburn, MA. The age demographic with the highest usage was 25-34 with 21 percent of them making a purchase from their mobile phone. This online survey was conducted by SmartRevenue in June/July 2010 and surveyed 3,611 male and female consumers ages 18 and older living in the United States. Mobile devices have become an integral part of society and, for some, an essential tool. However, the complex design and enhanced functionality of these devices introduce additional vulnerabilities. These vulnerabilities, coupled with the expanding market share, make mobile technology an attractive, viable, and rewarding target for those interested in exploiting it.
Since the world is categorized in two distinctive characteristics _the bad and good in developing one thing, the bad side is also conducting or playing their roles in business transactions. So through also the advancement of mobile commerce, this commerce becomes also a subject to their plans. Mobile malware is one of the destructive elements that clogging the flow of success of the mobile commerce. So it was proven that the security is one of the reasons that the company should focus too. Mobile malware is also advancing and increasingly malicious and financially motivated and unwittingly catching it off guard. According to Patrik Runald, Chief Security Advisor at F-Secure said that we have 400 mobile viruses are now recognized up to date, resulting in thousands of damage worldwide. "At some point, the criminals now developing PC malware will start focusing on mobile devices. It's not a question of if, but when and how. I'm keeping a close eye on the iPhone -- it may be the tipping point that sets the mobile malware field afire." Before we proceed on how to prevent mobile malware, let us first understand how and why mobile malware developed and the way it propagates. The most common operating systems used by mobile phones and personal digital assistants (PDAs) are Microsoft Windows Mobile and the Symbian OS. Nokia's S60 user interface is based on Symbian OS, an operating system that is developed and
maintained by Symbian Ltd and adopted by many mobile companies like Samsung, Panasonic, Siemens, and Lenovo. Most of the mobile malware below affected mainly on what platform is very mush used.
(Zhu Cheng, McAfee, Mobile Malware: Threats and Prevention)
Connectivity was not so powerful way back that became a big factor to the attackers to develop a malware. Mobile market was still very small that it lacks an interest to supervise their plans, but still there are developed and available mobile malware moving around in mobile commerce.
Palm Liberty was the first mobile malware that can be proven through arguments back
in August 2000. This Trojan ruled over in the register of Nintendo Gameboy emulator shareware as a patch but actually it deleted all the applications that were installed in the Palm PDA. Liberty losses its popularity because it targeted just a small amount of naïve users. In fact, Liberty was so unsuccessful that most antivirus companies begin their mobile malware signature lists with Cabir.
Symbian Cabir the forerunner of 15 variants was released in June 2004. This worm
infects the Symbian Series 60 smatphones by sending itself through the Bluetooth connections. The operations were to click the user or open a message in inbox by clicking yes when prompted by the installer. Cabir was propagating without a certain noticed until it was discovered and reported rapidly to give an alarm to the users in infected 20 countries who had a devices which somehow popular as the Cabir main subject. However, Cabir faded because of it propagates too slow regardless to its number of infected victim because of its capacity to spread one phone per reboot. For most victims, Cabir's only adverse impact was battery drain.
Sibling Mabir had somewhat better reach compare to the other mobile malware. It
propagates through MMS instead of Bluetooth connection, Mabir listens to incoming MMS or SMS and respond by copying itself and sent to victim’s phone in MMS format. We can see that Mabir overtaken the limitations of what Cabir’s ability but somehow less in software architecture and depended on social engineering and even explicit user acceptance for activation.
In early 2005, Commwarrior (the predecessor of seven variants) improved on these
techniques by searching both for nearby Bluetooth devices and sending itself via MMS to phone numbers in the victim's local address book. Commwarrior also sends randomly named files to avoid immediate user recognition and tries to covers its tracks afterwards. As a result, even though it still required user acceptance to install, Commwarrior was far more successful in propagating. More importantly, it caused financial damage by racking up MMS transmission fees. One operator reported that malware was responsible for 5% of its MMS traffic.
A pair of Pocket PC malware programs emerged around the same time as Cabir. Duts is
a small, innocuous virus that runs on an ARM-based WinCE PDA. The user must invoke Duts and accept a threatening prompt ("Dear user, am I allowed to spread?") before the virus can attempt to append itself to all .EXE files in the current directory. Brador is an ARM-based WinCE trojan that copies itself to the Pocket PC's Startup folder, emails the victim's IP address to the author, then listens for incoming remote control commands. However, neither proof-of-concept propagated itself to other mobiles, nor were they installed without active user participation. Mobile virus writers quickly returned their attentions to the OS with the biggest market share: Symbian.
(Lisa Phifer, President Core Competence)
According to F-Secure's Runald, approximately 98% of mobile malware programs identified to date are designed to run on Symbian. "Series 60 second edition is the primary target," Runald said. "The third edition pretty much kills off malware because of code signing." Based on the presented mobile malware above, most companies are practicing code signing in their software from tampering and sensitive function invocation by unauthorized applications. However, code signing is still ineffective to prevent unsigned application installation, due to the user that they’re not so concern about the code signing and even willingly downloaded and installed the unsigned application to their phones. As new mobile viruses and Trojans are continuing to improve themselves, new malware stopped announcing itself as Cabir and Duts did.
Symbian Skulls is part of the family of Trojans with 31 kinds. Skulls propagate but overwriting all the applications with non-functional versions except those required for communication. The non-functional version is very much like Cabir but much improved.
The later variants are mixed with FlexiSpy – a spyware program called "phones" that locks itself to resist removal and records voice calls and SMS text, relaying that private information to an Internet server. In addition, FlexiSpy is commercial spyware sold for up to $349.00 per year. Versions are available that work on most of the major smartphones, including Blackberry, Windows Mobile, iPhone, and Symbian-based devices. The following are some of the capabilities provided by the software: • • • • • • • • Listen to actual phone calls as they happen; Secretly read Short Message Service (SMS) texts, call logs, and emails; Listen to the phone surroundings (use as remote bugging device); View phone GPS location; Forward all email events to another inbox; Remotely control all phone functions via SMS; Accept or reject communication based on predetermined lists; and Evade detection during operation.
FlexiSpy claims to help protect children and catch cheating spouses, but the implications of this type of software are far more serious. Imagine a stranger listening to every conversation, viewing every email and text message sent and received, or tracking an individual’s every movement without his or her knowledge. FlexiSpy requires physical access to a target phone for installation; however, these same capabilities could be maliciously exploited by malware unknowingly installed by a mobile user.
(US-CERT- United States Computer Emergency Readiness Team).
Symbian Pbstealer is a trojan that builds upon Cabir's Bluetooth propagation
mechanism. To trick users into installing it, Pbstealer poses as a shareware address book compaction utility. Instead, Pbstealer sends a copy of the victim's local address book to the first nearby Bluetooth device that it can find.
In February 2006, the first J2ME trojan emerged as Redbrowser, a Java applet that
disguised as a shareware WAP browser that could retrieve Web pages for free. Instead, Redbrowser sent SMS messages to premium numbers in Russia at a cost of $5 a piece.
In December 2007, the Symbian Beselo worm started to spread itself via Bluetooth
and MMS. Beselo is similar to Commwarrior, except that installation files are not identified by the usual .SIS extension. Instead, Beselo files are named with .MP3, .JPG, or .RM extensions, fooling users into opening these phony multimedia files, thereby installing Beselo.
In February 2008, a new WinCE InfoJack trojan appeared, packed inside legitimate
application installer packages like Google Maps, posing as an optional add-on. InfoJack disables Windows Mobile's installation security so that other unsigned applications can be installed without warning. It then sends the victim's serial number, operating system, and other information to a website in China.
In March 2008, Symbian Series 60 second edition devices were targeted by
MultipleDropper, a malicious program that arrives via Bluetooth or MMS then installs Commwarrior, Beselo, and a new trojan, Kiazha. After sending an SMS to the malware's author, Kiazha attempts to extort $7 (RMB 50) as ransom, to be sent by the user through the Chinese IM network QQ.
(Lisa Phifer, President Core Competence)
Symbian in general and the Symbian Series 60 second edition in particular, remain favorite targets because the target population is large and those older devices harbor exploitable vulnerabilities and mainly because Symbian OS is an open platform. Newer Symbian devices, including Series 60 third edition, cannot actually run many of these trojan and worm installers thanks to Symbian OS 9 Platform Security features like Capability Management and Data Caging. Runald expects the iPhone to draw mobile malware because of its growing popularity and its relatively feature-rich operating system.
Mobile Malware Preventions
Mobile phones today especially those Windows Mobile API’s OS based they provided automatically a signed application. Only the certified programs can call Mobile API’s. So, it’s up to the user if she/he will add an unsigned application that can create damage to their phones. Since mobile commerce primarily evolves from e-commerce with the use of the features from laptops or desktop PC’s , the prevention that can be apply to mobile phones is the same on what you do to your PC’s. Here are the basic steps that Zhu Cheng: McAfee research scientist and Lisa Phifer recommended:
Install mobile anti-virus software
We have lots of mobile anti-virus available by the vendors that is in the market already. It is good to have a PC based-mobile antivirus so that you wouldn’t have difficulties in removing infected files.
Do not save business data on your mobile
Save confidential files or photos on removable disks. Just to be sure.
Back up frequently (files or data)
It is good to practice to make frequent back-ups data especially contact lists. You might appreciate this way until your phone will be infected and force to do such action.
Be careful with Wi-Fi and Bluetooth
Make sure your Bluetooth and Wi-Fi connection is off especially outdoor environment and if also you don’t have any transactions involving this any connections. You wouldn’t know, your phone might detect a malware without noticing it.
Install process management software
Using process-management software, advanced users can search for suspicious processes on our mobile phone and stop them. Due to the phone’s limitation, Window Mobile cannot run all the applications. So, log all the running processes when you’re sure the mobile is not infected. And it would be easy to detect if there is something wrong in your mobile phone.
We have other recommendations by the US-CERT in addition for preventing malware to be practiced:
Maintain up-to-date software, including operating systems and applications; Install anti-virus software as it becomes available and maintain up-to-date signatures and Enable the personal identification number (PIN) or password to access the mobile device, if Encrypt personal and sensitive data, when possible; Disable features not currently in use such as Bluetooth, infrared, or Wi-Fi;
Set Bluetooth-enabled devices to non-discoverable to render them invisible to Use caution when opening email and text message attachments and clicking links; Avoid opening files, clicking links, or calling numbers contained in unsolicited email or text
messages; unauthenticated devices;
Avoid joining unknown Wi-Fi networks; Delete all information stored in a device prior to discarding it; and Maintain situational awareness of threats affecting mobile devices.
Mobile Malware and M-commerce
Mobile malware become a big threat to mobile commerce especially if it involves mobile banking transactions. Like the ways of attackers do in E-commerce, attackers in mobile commerce customized another version fit for mobile commerce like SMiShing for SMS, Vishing attacks in voice communication and many more. Mobile commerce and mobile payments provide a significant opportunity for security hackers. As the number of mobile users conduct mobile commerce and become comfortable doing so, the number of potential targets will outweigh the wireline side. This will likely entice security hackers to focus attention on the mobile industry and target smart devices for financial gain. Knowing that hackers tend to go where the money is, this is certainly an area about which mobile carriers need to be concerned from a security perspective. If mobile users do not feel it is safe to purchase new applications, this lack of trust will have a dramatic effect on the growth of the mobile carrier’s business. Similar to the way the computer world has been attacked by DDoS, viruses, and botnets, mobile carriers will also come increasingly under fire. Mobile attacks will be driven by the increase in open networks, open devices, and financial transactions conducted over the mobile network. It is difficult for mobile users to protect themselves, so it will be important for mobile carriers to move mobile security to the forefront, protecting their users and their revenue streams from hackers and the coming onslaught of security attacks.
Cheng, Z. (n.d.). Mobile Malware:. Threats and Prevention . Das, M. (n.d.). Application of in Mobile. GS1. (2008, February). Mobile Commerce. Opportuities and Challenges . Networks, J. (2010). Mobile Security. Why the time is now , 6. Phifer, L. (2008, September 30). Prevent mobile malware: Learn how to protect your enterprise and devices. Retrieved from SearchMobileComputing.com . Recklies, O. (n.d.). M-Commerce. The next Hype . Schell, A. G. (n.d.). Future Trends in Mobile Commerce. Service Offerings, Technological Advances and Security Challenges . Shileds, T. (2010, February 17). Mobile Malware Counterpoints. US-CERT. (n.d.). Technical Information Paper-TIP-10-105-01. Cyber Threats to Mobile Devices . Victor A. Clincy and Garima Sogarwal. M-Commerce, Emergent Platform For Training & Educating. Kennesaw , Georgia.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.