M-Commerce

Ghosh, A. and Swaminatha, Tara. (2001, February). Software security and privacy risks in mobile e-commerce. Communications of the ACM 44(2) 51-57 Retrieved from http://portal.acm.org/citation.cfm?id=359227

Ghosh, the Director of Security Research at Cigital and Swaminatha, a software security consultant at the same company focus on new security and privacy risks related to mobile e-commerce and how to address these risks. They begin with background knowledge of mobile e-commerce, or simply “m-commerce” and how this new e-commerce is being put at risk. Wireless devices not only have to deal with the normal Internet security threats but they have their own new threats specific to their medium. A major advantage for the hacker or attacker is that instead of “needing to pursue a target”, as Ghosh puts it, “targets can come to attackers in wireless networks simply by roaming through the attacker’s zone.” When roaming through new areas these mobile devices are susceptible to any attackers in that area already. Another risk for mobile devices is theft. Many people feel it is safe to put all their important and valuable information into their mobile device because they own it and that gives them the false sense of security since it is their property, rather than a computer shared by many individuals. This means that these small devices, which are easily stolen, will contain much more information than you would ever wish a hacker to know. The last risk stated in the article is that when users are forced to sign contracts or read privacy policies, because of the physical limitations of the mobile device it is highly unlikely that the user will adequately read all of the “legal jargon” that they are then agreeing that they read. This will lead to them become at risk to scammers. Finally the article discusses that there are many risks related to the software. The authors state that “the most significant risk to m-commerce systems will be from malicious code that is beginning to penetrate wireless networks.”

In this article we learn that m-commerce is becoming a very risky world. Hackers, attackers, and scammers can easily access your personal information through your mobile device. This is especially scary given the amount of time that people spend on their wireless devices these days. Using these wireless devices creates many vulnerabilities and security risks that are very hard to protect from, let alone detect. The authors state three main security risks, however I personally believe that only two of them are legitimate concerns. The last argument they make, pertaining to the privacies policies, seems offbase. In this “day and age” there are numerous reasons why people tend to skim or even completely skip over policies and contracts before signing them. I do not see the validity in their claim that reading these policies on such small screens is the reason that people are skimming them. It is simply lack of interest. However I do agree with the arguments made about theft and network risks. The authors convey the importance of knowing what information you are freely sending out into the world wide web and how likely it is to be seen by another party. Each time we move into a new network there is risk of being hacked. Along with being hacked, each time we moev our mobile device to a new location there is the threat of theft. The authors really get the point across when they state that “without physical perimeter security provided by building, locks and guards, mobile computing devices are at increased risk of theft and loss.” I think the nature of this mobile medium requires a heavy amount of trust and cooperation from both members in the network. Sadly, these members are easily exploited. It is pertinent that we know how to protect ourselves from m-commerce hackers, attackers, and scammers. We have to realize that we should always stay aware of our surroundings and make sure not to give away too much personal information online.