More Flaws Found in Mobile Devices

Tuesday, April 10, 2012 @ 02:04 PM gHale


Mobile devices carry deep-rooted security flaws security professionals are just now discovering and addressing.

As mentioned before, with the use of mobile devices, be they smartphones or tablets, growing in the manufacturing automation sector, the need for a smart security plan is mandatory.

RELATED STORIES
Android Malware Takes Over Phone
Android Bootkit Alert
Mobile Device Security Big Concern
Android Malware Apps in Outside Markets

Findings of two studies of mobile devices highlight how designers of smartphones and tablet PCs failed to fully account for security and privacy implications.

“Today’s smartphones and tablet devices perform the same functions as a PC,” said Dan Hoffman, chief of mobile security at Juniper Networks. “However, the vast majority of devices lack security software and mistakenly rely upon the operating system to keep people safe.”

In one study, security firm Cryptography Research showed how it’s possible to eavesdrop on any smartphone or tablet PC as it is in use to make a purchase, conduct online banking or access a company’s virtual private network.

An attacker can decipher the process used to encrypt data, enabling a criminal to use them to access a financial account or a company network, said Benjamin Jun, Cryptography Research’s chief technology officer. “These type of attacks do not require the device to be modified, and there is usually no observable sign that an attack is in progress,” Jun said.

Cryptography Research is “working with one of the major smartphone and tablet companies right now to put countermeasures in,” Jun said. No known actual attacks have occurred yet, he said.

Meanwhile, researchers at security firm McAfee highlighted several ways to remotely hack into Apple iOS, the operating system for iPads and iPhones.

McAfee’s research team remotely activated microphones on a variety of test devices and recorded conversations taking place nearby. They also showed it’s possible to steal secret keys and passwords, and pilfer sensitive data, including call histories, email and text messages.

“This can be done with absolutely no indication to the device user,” said Ryan Permeh, McAfee’s principal security architect. Apple declined to comment.

Security experts and law enforcement officials anticipate bad guys will accelerate attacks as consumers and companies begin to rely more heavily on mobile devices for shopping, banking and working. “The broader security community needs to assist in providing all users the highest level of protection,” Hoffman said.



Leave a Reply

You must be logged in to post a comment.