New Security Flaws Detected in Mobile Devices
Byron Acohid, Mobile Tech Today, 4/10/2012
Two recent examinations of mobile devices reveal gaping security flaws. In one study, Cryptography Research showed how it’s possible to eavesdrop on any smartphone or tablet as it is being used to make a purchase, conduct online banking or access a company’s virtual private network. McAfee showed ways to remotely hack into Apple iOS.
Those cool mobile devices beloved by consumers carry deep-rooted security flaws that are only now being discovered and addressed.
Findings of two recent examinations of mobile devices highlight how designers of smartphones and tablet PCs failed to fully account for security and privacy implications.
“Today’s smartphones and tablet devices perform the same functions as a PC ,” says Dan Hoffman, chief of mobile security at Juniper Networks. “However, the vast majority of devices lack security software and mistakenly rely upon the operating system to keep people safe.”
In one study, security firm Cryptography Research showed how it’s possible to eavesdrop on any smartphone or tablet PC as it is being used to make a purchase, conduct online banking or access a company’s virtual private network.
The process used to encrypt data can be deciphered, enabling a criminal to use them to access a financial account or a company network, says Benjamin Jun, Cryptography Research’s chief technology officer. “These type of attacks do not require the device to be modified, and there is usually no observable sign that an attack is in progress,” Jun says.
Cryptography Research is “working with one of the major smartphone and tablet companies right now to put countermeasures in,” Jun says. No known actual attacks have occurred, he says.
In another demonstration, researchers at security firm McAfee, a division of chipmaker Intel, highlighted several ways to remotely hack into Apple iOS, the operating system for iPads and iPhones.
McAfee’s research team remotely activated microphones on a variety of test devices and recorded conversations taking place nearby. They also showed that it’s possible to steal secret keys and passwords, and pilfer sensitive data, including call histories, e-mail and text messages.
“This can be done with absolutely no indication to the device user,” says Ryan Permeh, McAfee’s principal security architect.
Apple spokeswoman Trudy Muller declined comment.
Security experts and law enforcement officials anticipate that cybergangs will accelerate attacks as consumers and companies begin to rely more heavily on mobile devices for shopping, banking and working. “The broader security community needs to assist in providing all users the highest level of protection,” Hoffman says.
In: Android, iPhone, Mobile Technology · Tagged with: Malware