Mobile Novelties from Barcelona

February 26, 2013

The Mobile World Congress, which is currently under way in Barcelona, is the world’s premier telecoms industry event. It’s the place where the most important announcements are made on issues from the latest smartphones to standardizing mobile payments. Kaspersky Lab will announce its news on Tuesday, during the second day of the congress. While we’re waiting, let’s take a look at Monday’s big news – and what it means in terms of security.


Fox on the smartphone
One of the most resonant events so far was the demonstration of Firefox OS, the “live” version of a new operating system for smartphones. As its name suggests, it was created by Mozilla – a non-profit community famous for its popular web browser.


The OS is based on web standards, all applications are written in HTML5 and Javascript – the “alpha couple”, which is the foundation of any web page. Of course, dedicated add-ons are responsible for access to hardware features, which enable you to run all the usual applications on your phone – from phone calls and navigation maps (via Nokia HERE services) to games (Cut the Rope was demonstrated).

Alcatel One Touch, LG, Huawei and ZTE have already promised to produce mobiles running under the new OS, but more significantly, Firefox OS has secured widespread support among telecoms operators – 17 operators have already announced plans to promote the new development, with Russia’s VimpelCom (Beeline) and MegaFon among them. All Firefox smartphones are expected to be very affordable.

Two features of Firefox’s web heritage are worthy of special attention. First, the user can run applications without installing them onto the smartphone, and they only need to be “recorded” on the desktop if they are in constant use. Second, the system is not limited to a single app store like Apple, so programs can be run and installed from third-party sources. It is here that a serious and threatening problem lurks – a malicious web page (a malicious application, in fact) can get powerful tools to manipulate personal data. This goes beyond the wildest dreams of even the most skilled hackers targeting standard PCs – for example, the unauthorized download of the address book. Of course, the developers have provided protection mechanisms against unauthorized application activity, but experience shows that “holes” are usually found. Hopefully, a mechanism of prompt and accurate security updates will be integrated into the OS, which users can launch without special effort.

It is here that a serious and threatening problem lurks – a malicious web page (a malicious application, in fact) can get powerful tools to manipulate personal data.

The Internet of things
So far, the range of online-enabled devices has mostly been limited to computers and smartphones, but a new generation of Internet-ready devices, such as TV sets, cars and household appliances, is emerging. Technologies that allow such devices to connect to the Internet have existed for a long time, but they are now available in ready-made chips that manufacturers can incorporate into their appliances without much hassle. In addition, configuring equipment has never been easier – devices can be controlled from a tablet or smartphone, and they can be added to the home network’s control panel simply by pointing the smartphone’s camera at a newly-installed device, such as a coffee machine.


Naturally, security should be a key consideration in this. If your smartphone, computer and coffee machine communicate over an unencrypted Wi-Fi channel, this is an invitation for your next-door neighbors to order nice hot cappuccinos from your coffee machine.

NFC (Near Field Communication) technology was demonstrated on a very extensive and impressive scale, operating not only on the Congress grounds but throughout the whole of Barcelona. NFC technology is not new – it was first implemented about seven years ago – but smartphones incorporating NFC only became really numerous in the past year, and their ubiquity is still growing. The idea behind NFC is simple: bring your smartphone close to a reader (or another smartphone) and make things happen.


NFC can be used to ride on the metro, make a credit card payment, sign in at the gym, exchange virtual business cards with a new acquaintance, send pictures to friends, play music from the smartphone on an external speaker, open a website or download a program – there is no limit to its possible applications. MWC demonstrated this on a lavish scale: many cafés and shops in Barcelona accept NFC payments; smartphones could be used by MWC visitors instead of regular passes; interactive booths with NFC functionality were installed throughout the congress grounds. Speaker manufacturers are beginning to offer handy NFC-based accessories – Jabra has joined JBL in promoting this technology. But it’s not just a boon for ordinary users; cybercriminals are no doubt delighted with this abundance of opportunities as well, particularly those related to banking and to downloading applications. This means that as the popularity of NFC grows, malicious applications targeting this convenient technology will also become more common. This is something that we are going to discuss tomorrow with Denis Maslennikov, Senior Malware Analyst at Kaspersky Lab who specializes in the analysis of mobile threats.