Cyber Blog -

I have nothing to hide

Markku KorkiakoskiWe are living in the era of connectivity. No doubt about that. Always on, always available wireless connectivity is providing us social media, online shopping, gaming, advertising and various other digital phenomena which are shaping our society and our way of living with almost uncontrollable speed.

Not so long ago, when traveling, the old fashioned paper map and tourist brochure were almost the only options you had when exploring the unknown. Now the whole world knows instantly that it was a glorious morning in the suburbs of Berlin and you just had the best run ever. This piece of information comes with pictures, route and even with your heart rate. And there’s absolutely nothing wrong with it! Exercising is great, especially the morning run. It keeps you going throughout the day and it also gives you something to talk about with locals. I do the same when I travel, or at least I try to.

Yet, by doing this, you have also exposed yourself to the world in a way that you perhaps did not realize. You have revealed your location, given out some valuable information of your whereabouts and routines, and in the worst case, you have done the same to your colleagues. We saw this in a recent event where a popular fitness app revealed the location of overseas soldiers. And internet never forgets. Once the data is in, it remains. This mundane example should raise the alarm. Still, I’m quite sure that it won’t. The pressure to be always-online-or-else-I-will-miss-something-important is strong.

“I have nothing to hide”, is something we often hear. True, if you don’t care about the privacy aspect or the fact that the data can be used for influencing purposes. We have all seen how this kind of data can be used when influencing our daily decisions through targeting advertising or even targeting messages and news headlines based on our online profile. When you are responsible of your own data, you are entitled to make these kinds of decisions to share your data online. You just need to understand the potential consequences, or at the bare minimum, you need to live with those.

The potential of utilizing the wireless connectivity is not just the luxury of the consumer; it is also the cornerstone of new and innovative solutions to be used in environments with sensitive data, such as public safety, defense and enterprises. All of these are environments where users don’t necessarily share the same freedom from responsibility as individuals in the consumer segment. When operating in these domains, the integrity of the data as well as the integrity of the solution more importance than one might realize.

“From cyber security point of view, the smartphone creates yet another attack surface for potential misuse or even for a criminal act.”

As an example, let’s think about first responder or governmental official who is in a field operation and accesses the back-end system with a smartphone. In this example the smartphone is being used in a very similar manner as a personal computer at the office, with the exception that instead of sitting next to the PC at the office, the user is mobile. From cyber security point of view, the smartphone creates yet another attack surface for potential misuse or even for a criminal act. Once compromised, the device will potentially provide means to have access not only to data stored in the device, but also to data stored in the back-end system. In practice, handsets we carry in our pockets are computers at hand. For some reason we rarely consider these devices in that way. Instead of paying attention to security features of the smartphone, we might focus on megapixels in the camera.

In both simple examples, the consumer using the health app and the official carrying out the field operation, we might be looking at the same person. Same individual who openly shared data in social media should have more strict and controlled behavior when using the similar, if not the same, device at work. After all, consequences of compromising the data in the back-end system through the smartphone are far more critical than sharing private posts in social media. Luckily, we in the industry can ensure that the device can handle the unwanted situations where someone tries to access the device either physically or remotely. We can build tamper detection, strong authentication methods and encryption to protect the device and the data within. We can even secure the communication; both voice and data from eavesdropping, man-in-the-middle or various other attack methods. Still, this is one dilemma that is difficult to solve purely through technological means.

At the end of the day, it is the human who makes the difference. After all, security is always as good as the weakest link. Technology will provide the means to cope with most of the threats, but the trust towards the solution comes from a holistic approach and it, in many ways, requires interaction with the industry and the end users.

Markku Korkiakoski, Director, Business Development – Cyber Security, Bittium