The Mobile Revolution

CHAPTER 3

This chapter takes a historical look at mobile networks, smartphones, and other mobile devices. With this understanding, you’ll be better able to grasp the security issues related or specific to mobile networks and devices.

Over the past 25 years, the advances in mobility have been significant. Evolving from clunky analog phones that were little more than novelty status symbols (and poor communication devices) to business “smart devices” that people can’t live without, these devices and the systems that support them have changed how people live, work, and interact. For the security professional, however, mobility represents a new and complex set of challenges.

Chapter 3 Topics

This chapter covers the following concepts and topics:

  How early cellular or mobile devices operated

  How mobile networks evolved

  What the effects of the BlackBerry were

  What the economic impact of mobility has been

  What the business impact of mobility has been

  What some business use cases for mobility are

Chapter 3 Goals

When you complete this chapter, you will be able to:

  Describe basic cellular design

  Provide examples of frequency sharing techniques

  List the main considerations in cellular network design

  Describe the security issues and concerns with both 3G and 4G systems

  Provide examples of business uses for Mobile IP and smart devices

Introduction to Cellular or Mobile Communication

One of the great accomplishments of the 20th century was the rollout of the public switched telephone network (PSTN)—not only because of the technology itself, but also because of its ubiquitous reach. With the PSTN, nearly every home in the developed world (and a high percentage of homes even in some undeveloped areas) had a wired communication channel that connected it to the rest of the world, providing a lifeline in times of trouble. The system even provided its own power, keeping the communication channel open when the lights went out. Just imagine the scope and cost of running and maintaining a wired connection in the U.S. alone, with approximately 125 million homes and 20 million apartments. (This does not even include every business and office.)

In the early 1990s telephony was extended beyond the limitations of wired connections with the emergence of the first mobile or cellular phones. (Cellular is a generic term for mobile phone systems or devices. It refers to the portioning of frequency coverage maps, discussed shortly.) Initially viewed as a perk for high-powered executives and a status symbol for young professionals, cellular phones caught on fast. As their popularity rose, technology companies poured hundreds of millions of dollars into research and development, and the pace of innovation took off.

The first-generation cellular phones in the 1990s had limited range and coverage, short battery life, and poor voice quality. Even so, people clearly saw the benefit of having a phone that could travel with them—although few considered their mobile phone to be their primary phone. Flash forward just 20-plus years, and mobile phones are now viewed as an essential part of people’s lives. In some cases, they are the predominant means by which people interact with the world.

The expansion has been impressive. In the U.S., 90 percent of adults now own a mobile phone. Ownership in the 18-to-29-year-old group is 98 percent. In addition, more and more teens and even preteens have their own smartphones. More impressive is that these statistics transcend gender, race, and income categories. The most amazing aspect of this phenomenon, however, is the growing number of mobile phone users who have disconnected their landlines—something that was unthinkable even 10 years ago.

Mobile phones use all the principles of two-way radio communication that have been around since the early 20th century. Well-known problems such as range, power, signal-to-noise ratios, and interference all come into play. This keeps a lot of radio frequency (RF) engineers gainfully employed. Mobile telephony, however, presents some unique challenges. Indeed, one was so critical to making mobile telephony feasible that the solution to the problem became the name that now describes the entire system: cellular. The problem stems from the fact that in a mobile telephony system, there are far more users than there are available frequency channels over which to communicate. This is a two-part problem; this discussion will begin with the physical distribution of channels, or frequency bands.

Cellular Coverage Maps

One of the limitations of cellular technology is the transmission power of the phone. Because the phone is battery-powered, and because battery life is a big consideration, transmission power must be kept low. (There are health considerations as well. You don’t really want a high-powered transmitter pressed to your head for hours a day!) Low-transmission power limits the signal range, however, which means you need to have a receiver nearby.

The solution was to create a coverage map of small geographic sectors, or cells, each with its own antenna tower. Two separate teams of engineers from Bell Labs, 20 years apart, conceived and then perfected the idea of using hexagonal (six-sided) cells. This mapping provides the best coverage, leaving no gaps in the coverage plan. This was referred to as a cellular design and was so critical to the design of the system that the term cell phone came into being.

In each cell, there is an antenna array called a base transceiver station (BTS), which communicates directly with the subscriber phones within its coverage area. Usually perched on a tall metal structure, these antenna arrays came to be known as cell towers, or simply towers. In some places, local ordinances require towers to be camouflaged. As a result, many look like tall trees and are easy to miss if you are not looking closely (which is exactly the point). A mobile phone communicates with the tower. The tower in turn communicates over a backhaul circuit either on fixed-line T1/E1 trunks (T1/E1 are the standard digital carrier signals that transmit both voice and data) or on point-to-point microwave links to a base controller station (BCS), which connects to the core network. Typically, multiple towers will connect to a single BCS. The core network links all BCSes so that calls can be established over the local cellular network. It also has connections via gateways to the PSTN and, more recently, to the Internet.

Bell Labs

For most of its existence in the twentieth century, the PSTN was a monopoly service delivered primarily by the Bell Telephone System (which became AT&T), often referred to as “Ma Bell” because it eventually spawned many smaller regional providers called “Baby Bells.” One common criticism of monopolies is that they stall innovation due to the lack of competition. This did not seem to be the case with Bell, however; its engineering division, Bell Labs, had a remarkable 70-plus-year run of technology breakthroughs and innovations. These include, among other things, the first operational transistor, the first binary digital computer, the first transatlantic phone call, the development of UNIX, and the development of both the C and C++ programming languages.

Cellular design fixed the phone transmission power problem. In doing so, however, it created a frequency interference problem. As shown in Figure 3-1, if each cell uses the same sets of frequencies, then users in two different cells on the same channel interfere with each other.

The solution to the interference problem was to split up the frequencies to prevent interference from adjacent cells. With this pattern, interference is greatly reduced (see Figure 3-2).


FIGURE 3-1

Adjacent cells using the same frequency will interfere with each other, especially near the cell borders.


FIGURE 3-2

By segmenting frequency use, interference can be greatly reduced or avoided.


FIGURE 3-3

A basic frequency reuse pattern on a large scale. Note that no cell is adjacent to another that uses the same sets of frequencies.

Taking a step back and looking at the repeating pattern, you can see the genius behind the concept of cellular and frequency reuse patterns (that is, the practice of assigning multiple users to the same frequency channel, achieved by the physical separation and power management of the transmission streams). This is a simplified view, however. Radio-frequency planning requires more than just creating areas that roughly correspond to the hexagonal cell pattern, because the distribution and density of potential subscribers is not likely to be uniform. Therefore, large cells called macro cells (that is, cells within a mobile system for large coverage areas) are needed for rural areas. Micro cells (cells within a mobile system for small coverage areas) are needed for urban areas. Pico cells (small hotspot cells offering Wi-Fi connectivity via a mobile carrier) are needed for dense urban areas. This ensures sufficient capacity per cell or area (see Figure 3-3).

Frequency Sharing

Another challenge with cellular phones is the limitation of frequency channels. The first cellular system rolled out in the United States, for example, had only 830 usable channels—not many at all. This limitation was compounded by the fact that frequency reuse patterns reduced the number of channels in any one cell to about 280 channels per cell. Even in the early days of cellular telephony, this small number of channels was not nearly enough to meet demand. There were solutions to this problem, but all of them were based on the concept of allowing multiple access—either through frequencies, time, or code division.
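The reuse pattern and the channel arithmetic above can be checked in a few lines. This is an added example, not material from the book: it assumes a three-group reuse pattern on a hexagonal grid addressed with axial coordinates, which matches the text's figures of 830 channels and about 280 per cell, and all function names are illustrative.

```python
# Added example: three-group frequency reuse on a hexagonal cell grid.
# Assumptions: cells use axial hex coordinates (q, r) and the group of a cell
# is (q - r) mod 3. Neither detail comes from the book.

TOTAL_CHANNELS = 830   # usable channels in the first U.S. system (from the text)
REUSE_GROUPS = 3       # assumed; 830 / 3 gives the text's "about 280" per cell

# Offsets to the six neighbours of a hexagonal cell in axial coordinates.
HEX_NEIGHBOURS = [(1, 0), (-1, 0), (0, 1), (0, -1), (1, -1), (-1, 1)]


def frequency_group(q, r):
    """Frequency group for cell (q, r); every neighbour lands in another group."""
    return (q - r) % REUSE_GROUPS


def build_map(radius):
    """Return {cell: group} for all cells within `radius` steps of the origin."""
    cells = {}
    for q in range(-radius, radius + 1):
        r_low = max(-radius, -q - radius)
        r_high = min(radius, -q + radius)
        for r in range(r_low, r_high + 1):
            cells[(q, r)] = frequency_group(q, r)
    return cells


def co_channel_conflicts(cells):
    """List each pair of adjacent cells that share a frequency group."""
    conflicts = []
    for (q, r), group in cells.items():
        for dq, dr in HEX_NEIGHBOURS:
            neighbour = (q + dq, r + dr)
            # The ordering test counts every adjacent pair only once.
            if neighbour in cells and cells[neighbour] == group and (q, r) < neighbour:
                conflicts.append(((q, r), neighbour))
    return conflicts


def channels_per_cell():
    """Split the channel pool across the reuse groups as evenly as possible."""
    base, extra = divmod(TOTAL_CHANNELS, REUSE_GROUPS)
    return [base + (1 if g < extra else 0) for g in range(REUSE_GROUPS)]


if __name__ == "__main__":
    planned = build_map(2)                      # 19 cells, as in a small cluster map
    unplanned = {cell: 0 for cell in planned}   # every cell on the same frequencies
    print("cells:", len(planned))
    print("conflicts with reuse pattern:", len(co_channel_conflicts(planned)))
    print("conflicts with one shared set:", len(co_channel_conflicts(unplanned)))
    print("channels per group:", channels_per_cell())
```
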

Frequency Division Multiple Access

Frequency Division Multiple Access (FDMA) is the foundation of cellular coverage maps, but in this case each channel is split up further so that multiple users can share a common channel without interference. FDMA does not require a great deal of timing synchronization, but it does require very precise transmission and receiving filters. FDMA frequencies are assigned for the length of the communication, the downside being that unused channels sit idle. FDMA is a 1G technology, and is still common in satellite communications (see Figure 3-4).


FIGURE 3-4

With FDMA, the frequency spectrum is divided among users.

Time Division Multiple Access (TDMA)

Time Division Multiple Access (TDMA) allows multiple users on the same frequency channel, each with its own sliver of time. This works well in a voice conversation because as hard as it may be to believe, a conversation between two people—even very chatty people—is mostly silence. That means there’s a lot of “empty space” on a channel even when it’s in use.

Channel efficiency was greatly improved through the use of voice-compression techniques. These employed intelligent algorithms that could turn speech into mathematical points on a graph. This allowed speech to be replicated with high fidelity (that is, it sounded like the real person on the receiving end) without ever sending the speech signal. As a result, a lot of conversations could be stuffed onto one frequency channel.

TDMA does not require high-performance filtering as FDMA does, but it does require very tight timing synchronization. TDMA helped bridge 1G technology to 2G and allowed for rapid subscriber expansion from the original analog cell systems to digital without expensive upgrades to the system itself (see Figure 3-5).


FIGURE 3-5

With TDMA, each user is assigned a time slot so that packets from different communication sessions can occupy a shared frequency without interference.


FIGURE 3-6

With CDMA, communication is spread over multiple frequencies at the same time. Coding algorithms are used to spread and then reassemble the transmissions.

Code Division Multiple Access (CDMA)

Code Division Multiple Access (CDMA) makes it possible for several users to share multiple frequency bands at the same time by spreading the signal out over the frequencies. This spread-spectrum technique uses codes to distinguish between connections. The wide bandwidths and improved power usage greatly reduce interference, and the coding allows multiple users to occupy the same channel at the same time (see Figure 3-6).

CDMA is a 3G technology that improved the capacity of 1G systems by a factor of 18 and 2G systems by a factor of 6. Because it relies on lower-powered signals, however, CDMA suffers from what is known as the near-far problem. This is when a receiver locks onto a strong signal from a nearby source, preventing it from detecting a wanted signal from a source that is farther away (and therefore weaker). Because CDMA has multiple signals on the same frequency, the near-far problem creates a frequency jam. This is a potential security issue from an availability standpoint, as would-be hackers could prevent communication via jamming. Figure 3-7 shows all three types of basic cellular modulation—FDMA, TDMA, and CDMA—together.


FIGURE 3-7

All three main types of basic cellular modulation—FDMA, TDMA, and CDMA—shown together.
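The code-division idea and the near-far problem described in the CDMA section can be reproduced with a toy baseband model. This is an added example, not material from the book: the chip codes, bit patterns and amplitudes are constructed, and the second code pair is deliberately only nearly orthogonal to stand in for real-world imperfect code separation.

```python
# Added example: code-division sharing and the near-far problem.
# All codes, bit patterns and amplitudes are constructed for illustration.

# Two orthogonal Walsh codes (their chip-by-chip product sums to zero).
WALSH_1 = [1, -1, 1, -1]
WALSH_2 = [1, 1, -1, -1]

# Two codes that are only nearly orthogonal (cross-correlation 2/8 = 0.25),
# an assumed stand-in for codes that do not line up perfectly at the receiver.
CODE_FAR = [1, -1, 1, 1, -1, 1, -1, -1]
CODE_NEAR = [-1, -1, 1, -1, -1, 1, 1, -1]

FAR_BITS = [1, 0, 1, 1, 0]    # wanted signal from the distant phone
NEAR_BITS = [0, 1, 1, 0, 0]   # other user, close to the receiver


def spread(bits, code, amplitude=1.0):
    """Map bits to +1/-1 symbols and multiply each symbol by the chip code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(amplitude * symbol * chip for chip in code)
    return chips


def channel(*transmissions):
    """The shared channel adds every transmitter's chips together."""
    return [sum(samples) for samples in zip(*transmissions)]


def despread(received, code):
    """Correlate each code-length block with `code`; the sign gives the bit."""
    n = len(code)
    bits = []
    for start in range(0, len(received), n):
        block = received[start:start + n]
        correlation = sum(x * chip for x, chip in zip(block, code)) / n
        bits.append(1 if correlation > 0 else 0)
    return bits


def shared_channel_demo():
    """Two users at equal power on orthogonal codes: both decode cleanly."""
    rx = channel(spread(FAR_BITS, WALSH_1), spread(NEAR_BITS, WALSH_2))
    return despread(rx, WALSH_1), despread(rx, WALSH_2)


def far_user_errors(near_amplitude):
    """Bit errors on the far user's stream for a given near-user amplitude.

    The far user is received at amplitude 1.0. With cross-correlation 0.25,
    the near user leaks 0.25 * near_amplitude into the far user's correlator.
    """
    rx = channel(spread(FAR_BITS, CODE_FAR, 1.0),
                 spread(NEAR_BITS, CODE_NEAR, near_amplitude))
    decoded = despread(rx, CODE_FAR)
    return sum(sent != got for sent, got in zip(FAR_BITS, decoded))


if __name__ == "__main__":
    print("orthogonal codes, equal power:", shared_channel_demo())
    # Equal received power is what base-station power control aims for.
    print("far-user errors, near amplitude 1: ", far_user_errors(1.0))
    # A ten-times stronger nearby signal swamps the wanted one.
    print("far-user errors, near amplitude 10:", far_user_errors(10.0))
```
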

Cellular Handoff

Because mobile phones are—obviously—mobile, cellular networks must be able to accommodate subscribers as they pass out of the range of one transmitter and into the area of another without losing the connection. This requires a controlled handoff from one base station to another. This is known as the handover process, and it occurs at the point when both neighbor frequency signals are at their lowest, usually at the border between two cells. If the handover process is designed correctly, the mobile phone can be passed back and forth repeatedly as the user remains on the border of two cells.

As noted, by overlaying a cell pattern on the coverage area, cells of different sizes can be planned to cater for population density and frequency reuse. The tower, in turn, will communicate over a backhaul circuit using either fixed-line T1/E1 trunks or point-to-point microwave links to the base controller station, which connects to the core network. The core network links all BTSes/BCSes so that calls can be established over the local network. It also has connections via gateways to the PSTN and to the Internet.

The Evolution of Mobile Networks

Mobile phone technology has been available to consumers for only 30 years, but there have been some amazing advancements in that time. Since the first limited commercial rollout in 1983, there have been four distinct generations of technology. These have gone from basic radio communication with a limited connection range and poor quality voice to smartphones capable of managing high-quality voice while taking and sending a 7-megapixel picture with no noticeable drop in quality. This section reviews each generation of cell phone technology, looking at what it was, how it worked, and what the security implications were and are.

AMPS 1G

A commercial cellular system, called the Advanced Mobile Phone System (AMPS), was deployed in North America in 1993. AMPS used analog signals to connect to cell towers, using FDMA for channel assignment. AMPS succeeded where previous attempts to create a commercial cellular service failed because of its ability to reuse frequencies (FDMA) and to hand off calls between cells in a relatively seamless way that did not involve the user.

The AMPS system was a commercial success despite serious performance issues. Call quality and reliability were nowhere near that of the PSTN, which limited its usefulness. In addition, FDMA, while considered a breakthrough, still consumed a lot of bandwidth per channel, which limited capacity. AMPS calls were also unencrypted, making it possible to eavesdrop on a call using a scanner. Finally, AMPS phones were relatively easy to clone, allowing non-subscribers to gain access to the service.

Although much-improved second-generation technology soon came along, carriers continued to support AMPS phones until 2002, when the older technology was finally phased out.

GSM and CDMA 2G

The big change from 1G to 2G was the conversion from analog to digital. Initially referred to as Digital Advanced Mobile Phone System (D-AMPS), 2G cellular phones and networks used TDMA, which greatly improved bandwidth efficiency and subscriber capacity.

Unlike AMPS, which was essentially the same everywhere it was deployed, two distinct systems emerged for D-AMPS. The first of these was a TDMA-based second-generation technology developed in the late 1980s by an industry consortium consisting mostly of European companies. This technology was called Groupe Spécial Mobile (GSM), although its name was later changed to Global System for Mobile (GSM). The use of GSM was mandated throughout Europe to ensure continent-wide compatibility between countries.

NOTE

The “Generation” naming convention, such as 1G, 2G, 3G, and 4G, did not come into vogue until the 3G systems came online in the mid-2000s. Even then, the original technologies were referred to as AMPS and D-AMPS. The 1G and 2G designations have been retroactively assigned.

The second major 2G technology was CDMA, which refers to both the cellular system and the method of subscriber access. CDMA was the dominant 2G system used in the U.S. While CDMA and GSM were not compatible, dual-system phones were eventually developed that could operate on either system.

In addition to offering more efficient use of bandwidth, 2G systems also used encryption, which greatly improved security. One of the downsides, however, was that the lower power requirements of digital systems meant that coverage was often poor outside populated areas, which had greater cell density. Another problem with digital was that unlike an analog signal, which degrades in a linear way, digital signals drop off completely when the signal strength falls below a certain threshold. When it’s good, digital quality can be very good. But when it’s bad, it’s essentially unusable.

This 2G technology was the precursor to mobile data networks. The first of these was used for Short Message Service (SMS), which introduced the world to texting. At first, SMS did not seem like a compelling feature. But its use exploded with teens and young adults to the point where many used their phones only for texting. Eventually, subscription plans were created to accommodate these users.

FYI

One big breakthrough with GSM was the introduction of the subscriber identity module (SIM) card. A SIM card is a small, detachable smart card that fits into a standardized card slot on the phone. It contains all the subscriber’s information, as well as his or her contacts list. Not only did SIM cards help to address the 1G system’s cloning vulnerability, they also allowed users to switch phones without carrier involvement. This led to the emergence of third-party phone retailers who could (and did) sell phones directly to consumers.

GPRS and EDGE

Although GSM and CDMA were digital technologies and took advantage of multiple access techniques, both were still circuit-switched technologies, much in the way the PSTN was. General Packet Radio Service (GPRS) was the first packet-switching technology that allowed data sharing over mobile networks. Still considered a 2G technology but often called 2+ or 2.5G, GPRS allowed access to some Web sites—although data rates proved to be too slow for what was becoming a growing need and expectation.

EDGE, which AT&T rolled out in 2003, and which other carriers quickly offered, represented an enhancement over GPRS. It offered high data rates through better data encoding and (at that time) viable data access to many Web sites.

3G Technology

The third generation of mobile technology, called 3G, was the first generation specifically designed to accommodate both voice and data. Based on the International Mobile Telecommunications-2000 (IMT-2000) standards set by the International Telecommunications Union (ITU), 3G can accommodate voice, data, and video.

The first 3G system was rolled out in Japan in 2001. In 2002, it was rolled out in many other parts of the world, including the U.S. and the European Union. Implementation of 3G took longer than anticipated, however. This was in large part due to the need for expanded frequency licensing to accommodate higher bandwidth needs and rapidly increasing subscriber rates. By the end of 2007, however, there were 190 3G systems online in more than 40 countries worldwide.

The most noticeable improvement in 3G was its high-speed data rates. One enhancement to 3G was a mobile protocol called High Speed Downlink Packet Access (HSDPA), which improved data rates to an impressive 14 Mbps. For the first time, the streaming of music and video to mobile devices was supported. Responding to this capability, many content providers created streaming offerings that catered specifically to mobile users.

FYI

The term “3G” started as an industry insider term—a catchall phrase for the many different technologies that adhered to the IMT-2000 standard. It became a common term in large part because it coincided with the explosion of smartphone users—mostly equipped with iPhones and Android phones. In an attempt to capture as much of the new market as possible, carriers invested in massive, aggressive marketing campaigns touting the superior performance and coverage of their “3G data networks.” As a result, the term 3G became widely adopted, even in consumer circles.

In addition to the security benefits of 2G, such as encryption, 3G systems also allowed for network authentication, which ensured that users connected to the correct network. On the negative side, smartphones that attached to 3G networks had far more personal-data capabilities—for example, access to bank accounts—as well as access to corporate systems and applications. With the growth in the number of users and an increase in the types of opportunities to exploit, 3G systems and smartphones soon attracted the attention of cybercriminals.

4G and LTE

As of this writing, mobile telephony is in its fourth generation, called 4G, while the fifth generation, called 5G, is in development. Among other improvements, 4G is an all-IP network, allowing the use of ultra broadband and the promise of 1 Gbps data rates. At that throughput level, voice communications can be converted to Voice over IP (VoIP) with high quality, high-definition TV can be streamed to mobile devices, and a host of live interactive gaming applications can be enjoyed.

The two systems currently deployed for 4G are Mobile Worldwide Interoperability for Microwave Access (WiMAX) and Long Term Evolution (LTE). The standards for 4G were developed by the ITU as the International Mobile Telecommunications Advanced (IMT-Advanced) specification. 4G also supports IPv6, which is especially important given the growth of smart devices.

NOTE

Some of the original WiMAX and LTE systems (as well as some later 3G+ systems) were not fully compatible with the 4G specification, but were allowed to call themselves 4G.

An important change in 4G is the authentication method used. Previous systems used a signaling system called Signaling System 7 (SS7) to set up calls and mobile data sessions. In contrast, 4G uses a signaling protocol called Diameter. Some critics say Diameter sessions are potentially open to hijacking or having users’ personal information exposed, making it a less-than-ideal replacement for SS7. In addition, the fact that 4G is an all-IP network opens it up to all the Internet’s known security issues. Given the vast amounts of private, personal information, as well as company information, stored on or captured from mobile devices, this represents a significant security vulnerability for both individuals and businesses.

BYOD and the BlackBerry Effect

One could make the argument that the company Research in Motion (RIM) Ltd., later called BlackBerry Limited, first opened the door through which BYOD charged. BlackBerry got two things right, which led to its meteoric rise. Interestingly, one of those same things led to the company’s subsequent decline.

The first thing BlackBerry got right was the development of the BlackBerry Enterprise Server (BES) in 1999. The BES enabled BlackBerry devices to receive “push” e-mails from Microsoft Exchange Servers, which meant that users could send and receive e-mails no matter where they were (assuming they had cell coverage, which by then was nearly everywhere).

The second thing BlackBerry got right was to focus its sales effort on IT departments rather than on individual consumers. This was a brilliant move, because at the time, to receive push e-mails from a Microsoft Exchange server, all but the most technical users needed IT support. This put IT in control—which is exactly how IT likes it.

More to the point, BlackBerry designed its product to suit its customers’ wants and needs—which in the case of IT meant easy integration, broad control capability, and decent security (although there were some security issues). The strategy worked brilliantly. By 2010, BlackBerry boasted 36 million users worldwide. However, many people point to this strategy of selling to IT as the root cause of BlackBerry’s subsequent rapid decline.

In 2007, Apple introduced the iPhone, the first of the so-called smartphones. The Android phone quickly followed. Both of these devices (along with others) could also receive push e-mails from Microsoft Exchange servers. Where they differed was their focus on consumer satisfaction and, in the case of the iPhone, on individual prestige. Even the initial launch of the iPhone, which supported no third-party apps, was touted as a BlackBerry killer. With the release of the iPhone 2 in 2008 and its ability to run third-party applications (along with the unveiling of the App Store), the end was near for BlackBerry.

By this time, it was a relatively simple matter to connect to a Microsoft Exchange server without a lot of help from IT. And while many IT departments had a strong preference for BlackBerry standardization, more and more people began showing up at work with iPhones and Android phones. A small but vocal minority pushed to allow third-party devices. If they were told no, many simply did it anyway. As the number of consumer-oriented devices grew, IT was forced to support them.

In the context of this chapter, the real takeaway is that more than any other company, BlackBerry got companies and government organizations accustomed to the idea of employees having mobile devices, giving them near 24/7 access to e-mail no matter where they went. Up to this point, wireless technology had blurred the line between work and not work, but that just meant you could use wireless to connect, shut down and move, and then reconnect. BlackBerry was truly mobile, meaning you could stay connected even as you traveled from place to place. Now workers could (and did) check and respond to e-mail all the time—at dinner, at their kid’s soccer game, and (unfortunately) while driving. With this newfound connectedness, the line between work and not work was all but erased.

Many critics of BlackBerry point to it as a cautionary tale of a company that failed to adapt. But few can deny that BlackBerry changed not only how people work, but also the relationship between companies and employees to a degree not seen since the industrial revolution. It also—unintentionally—opened a new front in the battle for IT security.

The Economic Impact of Mobile IP

The economic impact of Mobile IP, the standard that allows IP sessions to be maintained even when switching between different cells or networks, has been nothing short of staggering in terms of both scale and acceleration. As noted, the first smartphones appeared around 2007. Their success quickly led to a proliferation of smart devices. Industry analysts predict that by the end of 2015, there will be more than 2 billion smart devices in service, with a market value of more than $700 billion. These devices will drive an applications market expected to be worth another $25 billion in the same period.

As remarkable as this growth is, it’s dwarfed by the growth in data usage. According to studies, data usage grew by an average of 400 percent per year between 2005 and 2010 in the U.S. and 350 percent per year in Western Europe. It’s instructive to illustrate examples with numbers. Figure 3-8 shows the total mobile data usage on a per-month basis. “Petabytes” is a hard number to understand, however. For an individual, it means that if the average monthly mobile data usage was 20 MB in 2005 (which was a lot back then, and would have been quite expensive), the same average user would consume 20 GB per month in 2010—a mind-bending 100,000 percent increase.

The other sea change is that by the end of 2014, tablets would exceed PCs in total units sold. This signifies not just a mobile capability, but an expectation of mobility by consumers. This “new normal” affects the entire technology ecosystem. The obvious players affected are the tablet providers and their parts suppliers, who continue to push the limits of performance and miniaturization. This is only the tip of a very large iceberg, however. Under the water line are massive cascading implications for mobile carriers, data suppliers, and their providers.


Reproduced from “What is the impact of mobile telephony on economic growth? A Report for the GSM Association” © 2012 Deloitte LLP. All rights reserved.

FIGURE 3-8

The incredible growth of mobile data use per leading countries by consumption.

For the carriers, the amount of data consumed over mobile connections far exceeds even the boldest predictions made 10 or even 5 years ago. What’s more, the rate of data consumption seems to be accelerating. Mobile providers have been scrambling to keep up with demand, which has boosted subscription rates and driven a great deal of innovation in the areas of compression, streaming, caching, and other data-delivery efficiencies. Interestingly, though, mobile access is beginning to show signs of commoditization, with some providers now giving away data that used to generate lucrative data plans. For example, one major carrier now offers unlimited music streaming outside the data plan. This is a great way to capture a group of users (mostly teens and young adults) who represent potential lifelong customers.

Data providers have also seen incredible growth, and are rapidly becoming media creators in addition to hosting media from other sources. With users now expecting high-performance data over mobile connections, data providers have been compelled to build massive, high-performance data centers in many regions to ensure customer satisfaction. This has proven to be an economic boon for switch and equipment providers, as well as to the economies of many small rural markets where the data centers are built. Just 20 years ago, many considered the availability of downloadable music to be just short of a miracle, even though it took 56 minutes per song. Today, kids complain if the high-definition movie they are watching on their phones (from the back seat of a car traveling 70 miles per hour) buffers for more than 10 seconds. Clearly, the world has changed.

Unfortunately, all the life-changing benefits of high-speed mobile data come with a significant security risk. As more and more facets of our personal lives have an associated mobile app, more and more personal data will end up on people’s phones. This is a gold mine for would-be thieves, who are way ahead of the average unwitting mobile handset user. For cybercriminals who have honed their skills against trained IT adversaries, the average person who may or may not know anything at all about cybersecurity is no match at all. For the IT security specialist, this would be nothing more than a cautionary tale—except for the fact that many of these same unwitting users have access to corporate servers.

Most big-city tourists worry about pickpockets taking their wallet, which might contain some cash, a few credit cards, and a picture ID. These same people, however, often fail to consider that if their phone or device were compromised, they could find all their credit cards run up, their bank accounts cleared, and new credit cards issued in their name and maxed out as well. For good measure, the phone might then be sold to a third party on a cybercrime version of eBay (which not only exists, but even has holiday sales) to someone who might then use it to breach the victim’s company. This may seem far-fetched, but it’s all within the realm of the possible.

The Business Impact of Mobility

It almost goes without saying that the business community has taken great advantage of mobile data—perhaps to an even greater extent than of Wi-Fi. For all of the justifiable security concerns over BYOD, it seems that the boost in productivity is well worth the trouble.

Viewed from a business’s perspective, this is easy to understand. For a business, the promise of BYOD is that for the very small cost of a data plan and a phone (about $1,200 per year for a data plan, plus a one-time $100 phone cost), the business claims access to workers for a much greater percentage of their time, including nights, weekends, and vacations. It’s rare today for a business to operate only during the 9 a.m. to 5 p.m. shift, but even if you extend the workday two hours (8 a.m. to 6 p.m.), you still have only a 10-hour day. Assuming people sleep seven hours per night and reserve two hours each evening during which they turn the phone off (this may be the biggest assumption yet), that leaves five extra hours per day during which employees can make decisions and communicate with colleagues, customers, and partners. In global companies that operate across different time zones, this is especially impactful. Assume as well that BYOD makes available to the company four hours per weekend, and that people check their e-mail several times a day while on vacation.

Consider a salaried employee who makes $100,000 per year. His or her hourly rate comes to about $37 per hour, assuming he or she works 60 hours a week for 48 weeks of the year, taking four weeks of personal time annually. Applying the preceding assumptions, if this person has a smartphone or device, he or she will spend 90 extra minutes per weekday, 180 extra minutes per weekend day, and 90 minutes per day of personal time off (in slices) checking, creating, or replying to work e-mails. Those slices add up to nearly 700 extra hours of work from an employee that, if billed at an hourly rate, would cost more than $25,000. That’s a great return on a $1,200 investment!

It’s not all positive, of course. There are real security vulnerabilities with which the company must contend, as well as regular occurrences of serious security issues such as attacks or breaches. There is also the argument that smart devices are ready-made time wasters because of their support of apps and social media. Nevertheless, business clearly sees Mobile IP as a big positive, viewing these potential issues as things for the IT security team to worry about. In other words, they assume IT security will fix a problem they probably don’t truly understand.

Business Use Cases

The list of actual and potential business cases for mobility is quite long. This section focuses on some general uses as examples.

Any Business Involving the Moving of People or Things

The arrival of Mobile IP brought with it the ability to track people and assets that, until that point, went into a void from the moment they left the physical perimeter of an office or warehouse until the moment they arrived at the destination (if in fact they arrived at all). This greatly improves delivery accuracy and can also be used to calculate the most efficient routing for drivers.

From a security standpoint, this could lead to the false routing of cargo. (Why hijack a truck if you can change a manifest and have it come to you?) There are also complaints from labor unions about privacy invasion—for example, does the company have the right to know exactly where a driver eats lunch?

Delivery (Drop Off) Loss Mitigation

At first glance, this might seem like the same issue as the one discussed in the preceding section, but it’s a special case. In the construction business, the theft of supplies is a big problem—one for which material suppliers often bear the burden (and incorrectly so, according to them). The problem is that material suppliers routinely drop off materials—such as lumber, lighting fixtures, plumbing supplies, and even appliances—at job sites that may or may not be secure, and that may or may not have a supervisor present at the time of delivery to take possession of the materials. Even if there is a supervisor present, at some point the site will be unsupervised, and often there is little or no security. Theft of materials is an enormous problem because these materials can easily be sold for cash. Unfortunately for suppliers, they often had to shoulder an unfair portion of this loss because it was not always possible to prove that the right materials were delivered to the right sites, and delivery crews simply could not afford to wait around for signoffs.

In recent years, many suppliers have adopted the practice of using the built-in camera in a smartphone to snap photos of the delivered goods and sending the photos to the customer and back to the supplier. Embedded in each photo is a timestamp and geolocation information—that is, the exact geographic coordinates where the photo was taken. In the event of a loss dispute, this proves without a doubt what was delivered, when it was delivered, and where it was delivered. Here, Mobile IP actually solves a security problem.
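Photo metadata such as the timestamp and coordinates can be edited after the fact, so a delivery record is stronger evidence when the photo and its metadata are bound together with a keyed hash at capture time. The following is an added example, not part of the original chapter; the per-device key, the function names, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values (not from the chapter).
DEVICE_KEY = b"constructed-demo-key-for-driver-phone-17"
PHOTO = b"\xff\xd8\xff\xe0 constructed JPEG bytes of a lumber pallet \xff\xd9"


def _mac(key: bytes, record: dict) -> str:
    """HMAC-SHA256 over a canonical JSON form of every field except the MAC."""
    body = {k: v for k, v in record.items() if k != "mac"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def make_receipt(key, photo, taken_at, lat, lon) -> dict:
    """Bind the photo bytes, capture time, and coordinates into one record."""
    record = {
        "photo_sha256": hashlib.sha256(photo).hexdigest(),
        "taken_at": taken_at,
        "lat": round(lat, 6),
        "lon": round(lon, 6),
    }
    record["mac"] = _mac(key, record)
    return record


def verify_receipt(key, photo, record) -> list:
    """Return the list of problems found; an empty list means it checks out."""
    problems = []
    if not hmac.compare_digest(_mac(key, record), str(record.get("mac", ""))):
        problems.append("metadata altered or wrong key")
    if hashlib.sha256(photo).hexdigest() != record.get("photo_sha256"):
        problems.append("photo does not match receipt")
    return problems


if __name__ == "__main__":
    receipt = make_receipt(DEVICE_KEY, PHOTO, "2024-05-14T09:32:10Z", 35.7796, -78.6382)
    print(verify_receipt(DEVICE_KEY, PHOTO, receipt))         # untouched record
    moved = dict(receipt, lat=36.0)                            # edited coordinates
    print(verify_receipt(DEVICE_KEY, PHOTO, moved))
    print(verify_receipt(DEVICE_KEY, PHOTO + b"x", receipt))  # different photo
```

A valid MAC shows only that the record is unchanged since the phone created it; it does not show that the phone's clock or GPS fix was accurate. Because the key is shared with the supplier, a dispute judged by a third party would call for a digital signature rather than an HMAC.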

Information Dissemination

Another big benefit of Mobile IP is the near-instant availability of information to all employees, regardless of where they are. For sales and field personnel, this is a great improvement over the old method, in which they often found themselves with outdated information. When that happened, they were faced with using the old information (which they may have even done unwittingly) or, if the old information was not usable, going without until they could get access to a wired or wireless Internet connection to obtain the right information.

With smart devices, employees can access all manner of corporate information in real time. That means technicians always have the latest manuals, sales and marketing people always have the right information on promotions or competitive intelligence, and support personnel always know the status of orders.

Another great benefit of high-bandwidth mobile connections is live video. Using live video feeds, field personnel can broadcast a problem that is beyond their experience to someone who is more knowledgeable and even get a walkthrough from an expert on the spot. This can work for problems ranging from washing-machine repairs to emergency medical situations.

From a security standpoint, the concern here comes back to C-I-A, as the information in these settings must be private (confidentiality), accurate (integrity), and reliable (availability). The loss of devices also becomes a concern, especially if the devices store or otherwise provide access to private company data.

Enterprise Business Management Applications

Many, if not most, companies that provide enterprise management software now offer mobile applications. This can greatly improve enterprise efficiency, especially for companies with a widely distributed sales force. Applications ranging from customer resource management (CRM) systems to corporate expense systems help companies run more smoothly. Having a mobile version of these applications removes the inefficiency that existed in the gap between the actual activity and data entry or retrieval from the system.

With CRM systems in particular, this is a powerful tool, enabling sales personnel to place orders on the spot, ensure the latest/correct pricing, verify order compatibility, and even get discount approval. The security risk is steep, though. If someone gains unauthorized access to the device or app, the intruder could gain deep and closely guarded information about a company. If the company is publicly traded, the risk is even higher, as it could result in insider trading or other violations of law.

CHAPTER SUMMARY

Wi-Fi may have untethered computers from network ports, but Mobile IP and smart devices extended the range of connectivity to seemingly every part of the planet. Wi-Fi made the Internet portable from place to place, but mobility connected everyone everywhere in between. For better or worse, people are now connected to the rest of the planet in real time.

It’s hard to overestimate the impact of this change. Few technologies have profoundly changed the way human beings live and interact with each other to such a degree. More incredible is that the mobile Internet took what was thought to be one of the biggest communication technology breakthroughs of humankind—the Internet—and somehow made it even more impactful. From a security standpoint, however, the mobile Internet took the already difficult task of information security, multiplied it by 1,000, and turned it into a constantly moving target.

KEY CONCEPTS AND TERMS

Base controller station (BCS)

Base transceiver station (BTS)

BlackBerry Enterprise Server (BES)

Cellular

Cell towers

Customer resource management (CRM)

Diameter

Digital Advanced Mobile Phone System (D-AMPS)

Frequency Division Multiple Access (FDMA)

Frequency reuse

Groupe Spécial Mobile (GSM)

High Speed Downlink Packet Access (HSDPA)

International Mobile Telecommunications-2000 (IMT-2000)

International Telecommunications Union (ITU)

Long Term Evolution (LTE)

Macro cells

Micro cells

Pico cells

Signaling System 7 (SS7)

Smartphones

T1/E1

Time Division Multiple Access (TDMA)

CHAPTER 3 ASSESSMENT

1. Which of the following are the main design considerations for cellular systems?

A. iPhones and Androids

B. Data rates and subscriber plans

C. Frequency sharing and cell handoffs

D. Cell handoffs and forward passing

E. None of the above

2. In FDMA, timing and synchronization are key considerations.

A. True

B. False

3. CDMA was predominant in which generation of mobility?

A. 1G

B. 2G

C. 3G

D. 4G

4. Cell phones in the same cell can communicate directly with each other without going through the base station.

A. True

B. False

5. Which of the following describes EDGE and GPRS?

A. Key 4G technologies

B. Members of U2

C. Frequency sharing techniques

D. Pre-3G data-sharing technologies

6. 4G phones support IPv6 addressing.

A. True

B. False

7. The BES server allows which of the following?

A. Push e-mails to mobile devices

B. Netflix on phones

C. GSM and CDMA compatibility

D. SMS

8. More mobile-capable tablets are sold than PCs.

A. True

B. False

9. Companies tend to lose money on BYOD.

A. True

B. False

10. Which of the following was one thing BlackBerry Limited got right that opened the door for the BYOD phenomenon?

A. It invented the first smartphone.

B. It was the first to roll out 3G mobility.

C. Its phones could run third-party apps.

D. Its devices could receive push e-mails from Microsoft Exchange Servers.
