SocioConnectitis: Addicted to #Connected #Media

Mobile devices and technologies have afforded us mere mortals the ability to communicate with each other, answer practically any question, access practically any media or content available on the Internet, and entertain ourselves in ways never thought possible 10 years ago.  Since the advent of data communications over cellular technologies such as GSM/GPRS, EV-DO, and HSPA enable the immediacy of these desires.  The air interface alone, however, is not enough to allow flesh and blood to engage and interact with the digital media in that virtual netherworld.  We need devices.  Blackberries, Droids, Symbian devices, and my favorite, the iPhone, bridge the chemically and electrically induced emotions and needs for digital “connectedness” and the digital itself.

But the ways our brains are being rewired where we grow accustomed to checking emails in the kitchen, updating our Facebook status in the bathroom (yeah, could be gross), following our Twitter community sitting in front of the TV, or posting a new vid to Flickr standing in front of the BBQ while grilling some steaks (hey, the thick ones take a while) is taking the “attractiveness” of mobility to all-new heights.

BTW, I’ve personally done all of the above on my iPhone while at home NOT sitting in front of my Mac.  In fact I’ve caught myself pulling out my iPhone to open up TweetDeck or WordPress WHILE I’ve been sitting in front of my Mac with TweetDeck or WordPress already open.  WHAT THE HELL IS WRONG WITH ME?!?!

Nothing and everything, depending on your generational or conservative persuasion.  If you’re reading this blog, or especially if you’ve gotten to this post from a shortened URL, you are likely also suffering from SocioConnectitis.  Defined as: “the insatiable and irresistible need to engage and interact with our social digital media and content. This is sometimes accompanied by narcissism (how many mentions did I get today?), paranoia (why haven’t those friend requests been accepted yet?) and a false sense of urgency (I really, really need to upload those Flip MinoHD vids to Facebook because I’m sure they’ll be helpful in curing cancer).

Where is all this headed?  For sure this second nature (soon to be first nature) act of interacting digitally won’t even be differentiated from breathing or waking up in the morning someday soon.  This is the case not just for industrialized societies, but even the poorest countries and regions are experiencing this.  Maybe not iPhone-class urges yet, but they get the notion of connectedness and those are the seeds of SocioConnectitis. And the device vendors want to cash in this growing behavior with the QUE, more Droids (someday they’ll be sentient beings), iPhone 4G (whatever that is), iSlate, Kindle DX x 10^8, and so many other windows into this digitally delectable world.

Now what? As Andrea True Connection says, “More, More, More.” Or Britney Spears says, “Gimme More.” I’m loving this disease.


GSM Hacking Trial

This week on Dark Reading there was more talk of the cracking of the GSM A5/1 over the air encryption. There is certainly a lot of attention swarming to this topic, rightly so given the pervasiveness of mobile. In addition the hacker community is making statements of the A5/3 encryption who is built into some of the 3G standards.

I think that the biggest concern does lay solely with the cracking of A5/1, but that there is a HUGE community of software programmers interested in “seeing” how vulnerable these encryption protocols actually are and if they can break them. In general this is a good thing to overcome the Kool-Aid Syndrome (where carriers and mobile technologists because too enamored with legacy and the status quo) and get telecom vendors, standards bodies, and carriers to think innovatively and out of the box. However it’s only a good thing if malicious behavior does not reign supreme.

Imagine if the confidential mobile communications of a government official or corporate CEO were intercepted and held for ransom. Imagine if terrorists were somehow to exploit this vulverability to their advantage. As with any socially and globally impactful technology, there are two sides to the coin: the good side and the dark side!

How do we solve this both near term and long term? Do we ban cellphones in certain instances or environments? Is this even feasible given the human appendages that cellphones and smartphones have become?

Catching a Phish with a Smartphone

There was more news today in Dark Reading on the vulnerabilities of the Apple iPhone, RIM Blackberry, and Palm Pre as a result of spear-phishing tests using a phony LinkedIn email. The impact of this social engineering threat is two-fold:

1) There are so many people using their smartphones to view corporate and personal email that it’s hard to guess whether anyone is safe from this sort of attack.
2) Social networking is becoming one of the killer apps on smartphones, especially when coupled with location (such as GPS) and the real-time web (such as Twitter). The attack preys upon the insatiable need to be connected to our communities, even though I have idea why Bill Gates would want to connect over LinkedIn.

According to Joshua Perrymon, CEO of PacketFocus, “he was able to get his spoofed message through 100 percent of the time.” 100%!!!

How do you fix this? According to the article, “The trouble with socially engineered, targeted attacks is that there’s no real “patch” to protect products and users from falling for them. Email authentication technologies like PGP are not widely adopted, and it’s difficult for vendors to spot spoofed email messages, experts say.”

The only resort is to rewind to the stones ages of landline and pen/paper. Highly unlikely so I foresee we’re in for quite the Tsunami of Insecurity with infected mobile devices by the millions and billions.

Open Mobile Platforms and Security

There will be an interesting intersection between open mobile platforms and network/information security looming in the not-too-distant horizon. In particular, security engineers and architects, threat analysts, or general enthusiasts for network and information security have a lot on their plates today on the vulnerability of compute endpoint devices and their subsequent infection with malware that have the potential of creating huge botnets fueling the “snowball effect” of malware propagation and disruption to networks.

Now with the advent of mobile platforms and last years craze on “who’s more open then who” in terms of the mobile OS platforms, this starts to illustrate the next major inflection point of potential for vulnerable endpoints, their sheer magnitude, and botnets like the Internet has never seen. Let’s look at the numbers. Gartner, IDC and other analysts have forecasted on the order of 100-120 Million new PCs to be sold in 2009. This is mostly laptops with a growing number of netbooks sprinkled in there. ALL of the laptops and netbooks will be equipped with WiFi, likely Bluetooth, and an increasing percentage of 3G mobile broadband. OK, so that is certainly a decent target addressable market (TAM) to go off and provide a security solution for any technology vendor.

But the REAL numbers are in the forecasts for mobile devices…on the order of 1.3-1.4 Billion new devices sold just in 2009! So PCs are just a rounding error when you compare that with new cellular mobile devices. And forecasts for smartphones vary greatly, anywhere from 15-20% in 2009 with a trend towards 25-30% by 2012. These smartphones are small compute devices generally with open OS’s, multinetwork connectivity (3G, 2G, WiFi, Bluetooth), and are Always Connected.

We are increasingly using our mobile handsets for what previously was done only on a laptop or PC. We check and write emails, update our Facebook, visit numerous other social networking sites, perform searches for all sorts of things from restaurants to doing research, take pictures and post them to some of the same social networking sites, read RSS or blogs, download files to do what I refer to as “mobile snacking” of the content (scan through a document or Powerpoint pitch for a quick read). Would a security architect or analyst agree that every single one of these actions on a PC would be considered at threatening, hence the need for malware, content, connectivity protection? You bet! And yet these handheld devices and the networks they connect to have generally ZERO protection from the threats!!

So how interesting would a botnet size of rather than 1, 5, or 10 Million endpoints but 10, 50, or 100 Million endpoints be to a malicious code writer or some aggressive government elsewhere in the world looking to put another chink in the economic armor of the US? I don’t know…you do the math.