Today, it is easy to see how the mobile security landscape parallels threats seen in the desktop space for years. And while there are many similarities, mobile computing does have its own unique set of challenges in the way customers use, access and store data. Regardless, customers have the same expectations for their mobile devices as they do with their desktop computers. For example, they want timely security updates to help protect them from emerging threats, to trust applications available to them, and to be able to maintain the privacy of sensitive information on their device.
Compounding these challenges is the fact that many don’t realize that their smartphone is susceptible to the same kinds of attacks that target desktop computers. As a result, mobile vendors must be able to adapt and develop a tailored approach to ensuring security in a way that’s seamless to customers. But RIM also goes beyond that. Maintaining a leadership position in mobile security certainly requires deep integration of security at the product development stage, but it also requires listening to the needs of customers, and working collaboratively across the industry. At RIM, these are some of the core tenets that have led to the unique level of security the BlackBerry® solution delivers and that our customers depend upon.
As the director of the BlackBerry® Security Incident Response Team (BBSIRT), I am responsible to help ensure that RIM can respond to emerging threats. It is our mission to identify and address security risks to our customers, and as part of that mission, we work to build collaborative relationships across the industry.
One segment that is extremely important to us is the independent security researcher community. This community includes some of the brightest minds conducting new and exciting research on the frontier of technology. We are committed to further developing our relationships with security researchers, and we’re excited to have some of the industry’s elite researchers visiting our Waterloo campus for the first BlackBerry Security Summit to discuss their research with our product engineers, exchange ideas and have open discussions.
Why is this collaboration valuable? When leading security researchers get together with the leader in mobile security, it is customers that will benefit from the results. We’ve built a solid security development lifecycle (SDL) into the BlackBerry platform, and security is at our core. However, helping to protect customers against shifting threats requires layers of defense, which includes working with others to identify and plan for new, emerging issues.
As already experienced in the traditional computing space, products released today with the latest security advancements may be effective against current threats and even against some we know are coming. However, shifting user behaviors and rapidly emerging technologies often breed new unforeseen attack scenarios. This can occur even if the vendor works through solid security engineering practices developed by the best developers and security engineers. A great example of this was the early generation of web browsers that primarily focused on the safe transfer and encryption of information over the Internet. Over time, they faced new and emerging threats from script injection and compromised certificate infrastructures. Independent security researchers are at the forefront of discovering new ways to use the convergence of new technologies along with user expectations and behaviors, to uncover those unforeseen security issues. In many cases, this happens before criminals and those with malicious intent can use them against unsuspecting users.
Collaboration with the research community is not new for RIM. In the last year alone, BBISRT participated in over 50 security conferences around the world. These events provide us the opportunity to foster relationships with members of the security community and also to support the research that comes out of it. While RIM invests heavily in internal security engineering, we also support and recognize that independent security research is crucial for the industry and our customers. In addition, we regularly collaborate with researchers who cooperatively disclose vulnerabilities they find to us in order to address them as quickly as possible.
Given how important our relationships are with the security community, we want to go beyond sponsoring and attending conferences to further develop our relationships with researchers and protect customers. The BlackBerry Security Summit offers an effective way to exchange information and ideas between our own talented engineers and external security researchers. We plan to share and listen on several important topics including the future of mobile malware, baseband security and advanced “fuzzing” techniques. These are all topics we are eager to collaborate on with the security community, as well as putting focus on areas where RIM continues to make investments as a leader in mobile security.
Ultimately, security researchers and RIM have the same goal: protect mobile customers from threats. Working collaboratively on the remediation of newly discovered vulnerabilities in a coordinated fashion, along with having an open dialogue and exchange of innovative attack and defensive techniques, is the most effective way to reach our common goal.
These types of summits are a common occurrence for technology companies that place a high priority on security, and hosting the BlackBerry Security Summit is another step in our ongoing collaboration with the security researcher community. Together, RIM and security researchers are working to address the mobile security challenges of today, and to protect customers against the mobile threats of tomorrow.