October 7, 2022:
The Mobile Ecosystem Forum, supported by The Campaign Registry, hosted MEF Connects on the Las Vegas strip on Sept. 27. During the event, the head of the former Federal Communications Commission Chairman, Ajit Pai, spoke about new regulations that could affect the entire mobile industry, from carriers to smartphone makers. Additionally, MEF leaders addressed the changing mobile landscape, 5G and the potential of mobile identity.
With over 20 years of experience, MEF is a global trade association with member companies powering mobile services like messaging, content, advertising and the Internet of Things. The non-profit forum supports multiple discussions in different critical areas for the industry.
TechRepublic spoke with the CEO of MEF, Dario Betti, to understand the growing mobile privacy and security issues, new regulations and their impacts, the passwordless future, and opportunities for the near future.
While the organizations responsible for regulating the mobile industry have been supportive of the sector—especially with the deployment of 5G—generating appealing scenarios to attract potential operator investment, security and privacy issues challenge the sector.
Smartphones have become woven into every aspect of our lives. As the world went digital and hybrid, the number of global smartphone users rose exponentially. In this new era, users embraced new services, apps, mobile banking and digital wallets. But with this transformation, spam, robocalls, scams, frauds, phishing and smishing increased.
SEE: BYOD Approval Form (TechRepublic Premium)
The CEO of MEF explains that voice over IP solutions allow robo-callers to pretend to be using a phone number operating within the country when it is not. These calls have reached such levels that the industry is looking to take action. Additionally, VoIP allows fraudsters or cyber criminals to hide their location.
“They can call a large number of people without really having significant costs. So all of a sudden, the network has been abused by some in the U.S.,” Betti said.
In March 2020, the FCC mandated that phone companies implement caller ID authentication to combat robocalls using a technique and technology known as stir-shaken. Betti explains that stir-shaken is designed to help trace calls, but it can not identify if the caller is a good or bad actor. Betti adds that while the tech is advanced and has many benefits, it has not been effective, and MEF numbers reveal this fact.
“Actually, they (spam and fraud calls and SMS) are potentially growing. We have checked that in the U.S. and many other countries, about 10 of them, and the numbers are not changing,” Betti said.
The 8th Annual Global Trust Report of June 2022 reveals that mobile users in the U.S., Brazil and South Africa are the most affected by privacy and security breaches. The survey says that 46% of surveyed users received unsolicited messages-spam, up six points since 2021.
Additionally, 43% reported unsolicited calls to their mobile phone, 37% say they received fraudulent emails aiming to collect sensitive (up eight points since 2021) and 36% received fraudulent texts aiming to collect sensitive data (up 11 points since 2021). Mobile account hacking and virus or malware were also reported widely by users.
According to MEF, global users have awakened to the value of their data and identity.
“They have begun taking protective actions through settings management, multi-factor authentication, masking identity and behavior, and active and passive protection technologies,” the organization said.
However, with 70% of the world’s mobile users being in some state of unease and attacks and spam increasing, trust continues to erode. The CEO of MEF says the good news is that while there are no technical solutions to the situation today, regulators and the industry are working together to find common ground.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
“The proposal is to use stir-shaken or something similar,” Betti said.
The challenges are the limitations of stir-shaken. It only works with voice today, so the tech needs to adapt to work with SMS as well, and it must be able to do more than just identify callers’ locations, as VoIP allows for rerouting calls. Betti adds that “restricting traffic is not a solution.”
On the other hand, stir-shaken would also need to work not just in the U.S. but internationally, as spam, fraud and mobile threats are global crises.
“It can be something that can stop or reduce these threats massively,” Betti said.
The regulation would demand immense efforts from the entire sector, technology makers and carriers. Deploying it would be a monumental challenge and opportunity for cooperation.
“It does take the entire industry,” Betti said. “Whether it’s Verizon or AT&T or any other operator in the U.S., they need to be compliant with regulations.”
The FCC is now encouraging additional features, like checking if the number is “proper.” This implies validating if the number has been released to somebody in the U.S. to prevent spam call operations that use U.S. numbers but are based abroad. Mobile identity could be part of the solution.
The standard definition of mobile identity is the development of a technology for online authentication and digital signatures, where the SIM card of a mobile phone works as an identity tool. However, as the passwordless future begins taking shape, mobile identity continues to evolve.
In May 2022, the FIDO Alliance—out to solve the world’s password problem with passwordless technology—announced that Apple, Google and Microsoft expanded their commitment to accelerate passwordless sign-in. Apple has already revealed that the new iCloud Authenticator, part of iOS 15, will have passwordless authentication. In the passwordless sectors, mobile phones are usually used as a tool to verify access.
SEE: Mobile device security policy (TechRepublic Premium)
Whether using two-factor authentication, MFA, pin codes or biometrics like face ID, global users have been slowly becoming accustomed to using their smartphones to verify their identity. But, mobile identity could go beyond these methods of authentication and make automated security decisions.
Not only would users not have to remember the many passwords they use every day, but mobile identity could also host additional critical data, for example, the country of the user. This additional information—given by users with prior consent—could be used to reduce the number of financial frauds and prevent cyber criminals from accessing a bank account or using credit cards if, for example, the country data does not match that of the user.
Mobile identity is a concept the industry envisions as an all-in-one ID that would allow people to safely travel and access financial or vital services like healthcare and education. Mobile identity, as a global verification standard, could reduce many privacy and security problems like spam, swapped or cloned mobile phones, and attacks while enhancing customer experiences across services and apps.
The CEO of MEF advises leaders to focus on solutions that are already out there solving real-world problems. While 5G and the metaverse are hype words, he suggests investing in technologies and solutions that have already achieved maturity.
“5G will not change that many companies today, maybe in the future, like the metaverse,” Betti said.
Betti acknowledges that both technologies have potential and will be disruptive. And while he suggests leaders should definitely look into them, when it comes to return on investment, there are other options.
“Some things that are probably less sexy, like mobile identity, are very applicable to a lot of companies out there. Then, some things may be super sexy, and you need to think about them, like the metaverse, but you don’t necessarily need to invest a big amount of money today,” Betti explained.
The metaverse, 5G and 6G may be the promises of the future, but today, the big players of the mobile industry are service, privacy, security and content.