SMS connections can be used as one approach to mobile device management.
Seth Mitchell had a problem. As infrastructure team manager for Little Canada, Minn.-based Slumberland Furniture, he needed to deploy and continuously administer 85 wireless bar code scanners for three shifts of workers in warehouses spread across three different states. Those warehouses ship products to 110 retail stores in 10 states. But his network was not easily adapted to remote management. At least, not until it worked out a mobile device management solution with Soft Object Technologies Inc. (SOTI) in Ontario, Canada.
According to Mitchell, in 2006, the company wanted to move away from an older DOS infrastructure that couldn’t be managed remotely. SOTI’s MobiControl software provided a mobile operating system configuration that allowed device management and could integrate with Slumberland’s other information technology.
“Essentially, the same sorts of things you’d do with a full-blown systems management solution, just on smaller-scale devices,” he says. Asset management, event reporting and security are a few examples.
|Mirza: Encouraging use of MobiControl.|
Slumberland’s servers communicate with the mobile devices by using Wi-Fi networking. However, Wi-Fi can be tricky to keep “alive” for critical applications. That is why Haider Mirza, a SOTI device management and security specialist, is urging customers to enable a feature in MobiControl that lets devices communicate with enterprise servers through an SMS instead. Although SMS has garnered its reputation thanks to widespread teenager adoption, it also is proving useful as the lowest common denominator connection for awakening a confused mobile device or for location-based security applications, Mirza says.
Regardless of whether the server/device connection is Wi-Fi or SMS, it works the same. “The communication takes place between our server and an application on the device. The device interprets commands from the server,” rather than having its own executable file, Mirza says. There are some challenges, such as limited message sizes after encryption is enabled, and SMS’ occasional delivery delays, but there also are APIs to help developers maximize what the SMS commands can accomplish, he says.
SOTI plans to add location-based services (LBS) with version 5.06 or 5.07 in the third quarter of this year. “With the location-based services, most of our customers are interested in visibility over the devices, where they are, when they arrive in certain areas,” Mirza says. He also envisions offering geofencing, which is the ability to send alerts when a device leaves a certain range of GPS coordinates.
MobiControl is currently available for Windows Mobile and older versions of the Windows CE/PocketPC operating systems. SOTI is currently talking with Apple about an iPhone version and, in the future, the company will look at Symbian options, Mirza adds.
|Traynor: SMS isn’t a fail-safe solution.|
Not everyone agrees with SOTI’s approach. Security expert Patrick Traynor, who became noteworthy in November 2005 when as a graduate student at Penn State University’s Networking & Security Research Center he published “Exploiting Open Functionality in SMS-Capable Cellular Networks.” Traynor says any kind of business use of SMS can be dangerous. Although useful for corporate security when a device gets lost or stolen, as SOTI suggests, SMS itself is inherently insecure but carriers have improved it somewhat since the 2005 report, he says.
“I think that people have a misconception about what SMS can be used for. Keep in mind that these networks are not the Internet; in fact, they’re very different. There is no authentication of a text message. Things like phishing are very easy because there’s just no way for the average person to verify who these things are coming from,” he says.
Cryptographic signatures and authentication techniques are possible, and are available from open-source companies, but those methods typically reduce the message’s already brief 160-character limit, he notes.
“People need to be aware that [SMS] is not a fail-safe solution,” adds Traynor. “I don’t want to say that people shouldn’t be using these systems because there’s potentially a lot of value from them. We’ve been seeing a lot of companies trying to leverage SMS.”
|Woodbridge: ROVE’s program uses SSL connections rather than SMS.|
One company that won’t be leveraging SMS is Ontario-based Rove Mobile. CEO Rob Woodbridge says his company’s mobile device management software, which is set to launch this winter, will not use SMS. After careful consideration, SMS’ security overhead is not worth the remaining small message size, he says. Instead Rove’s program will use SSL connections over existing wireless links to establish server/mobile communication. (SOTI uses SSL as well if the device still has an active network connection.)
Details of Rove’s upcoming software are not yet public, but according to Woodbridge, its features will tie into the company’s recently announced Mobile Admin application and will focus on technical support in addition to traditional device management. Rove’s customer list includes the U.S. Army, the Salvation Army and about 20% of the companies on the Fortune 500 list, he says.
Meanwhile, at Slumberland, Mitchell says he will look deeper into SOTI’s mobile management applications making creative use of SMS, GPRS and other adopted wireless technologies. He did try something similar from Cisco Systems, but believes SOTI’s version would be more user-friendly and easier to implement, despite past issues related to tedious upgrade processes. “We’ve talked about a lot of different things we could do with their software. That’s definitely something we’d be interested in.”