Monday, August 31, 2015

3 of the Most Vulnerable Security Aspects of Your Smartphone

Mobile Security
Hackers and other cyber criminal miscreants have migrated their projects to the newest venue for their fraud – smartphones. Smartphone users are often confronted with significantly more risk simply by using smartphones intended applications. According to the February 2012 Identity Fraud Survey Report by Javelin Strategy & Research, smartphone users are 35 percent more likely to experience fraud than the average consumer. While the greatest tech developers on the planet are constantly at work to create more secure apps and operating systems, there are still some big threats looming for smartphone users.

Mobile Wallets

With the aid of near field communications, the time is coming soon when you will be able to simply wave your smartphone at a register to pay for goods and services. Mobile wallets, in which your credit cards, bank information, coupons, loyalty cards and even boarding passes are held digitally, may very soon become standard in many places. While it may seem futuristic, it is already becoming common. Identity theft protection company Lifelock points out that services like Google Wallet and Apple Passbook already allow users to tap their phone against a near field communicator terminal to pay for something, and mobile commerce seems sure to follow. The risk for users currently lies within the security of NFC technology, but there are steps you can take to prevent your information being compromised. Creating a password for your phone, closing open apps rather than letting them run in the background, choosing to download apps from trusted sources and never posting your phone number online are all steps that you can take to insure that your data isn't being put at unnecessary risk.

Certifi-Gate

Perhaps one of the biggest smartphone vulnerabilities right now is the Certifi-gate vulnerability. This vulnerability is widespread – according to CSO Online, more than 70 percent of LG Android phones have a plugin installed that creates this vulnerability, as well as 18 percent of Samsung devices and nine percent of HTC devices. Many phones come installed with pre-loaded technical support apps that allow a support technician to take control of the phone remotely, and this is where Certifi-gate creates risk. While running the software remotely takes very high privileges, the app features an authentication problem that allows unauthorized access. Once a hacker has that unauthorized access to your phone, they can perform a frightening number of malicious acts – screen scraping, key logging, and extracting your personal information are just a few.

Currently, the only solution is for manufacturers to push updates out to their users that fix this authentication issue, but manufacturers have been slow to do so. Mobile carriers are equally guilty of not pushing for a solution to be distributed, and there is little users can do other than only choose apps from trusted companies and reach out to their phone manufacturer and carrier and demand the vulnerability be addressed.

Text Attack

The scariest vulnerability is one that you cannot prevent by being responsible – such is the case with the Android text attack vulnerability. The text attack doesn't require you to accidentally download malware or click on a corrupt link, instead only requiring ta hacker to know your phone number. The way that it works is that a hacker creates a short video, places the malware code within it, and texts it to you. Since Android messaging app Hangouts pre-loads videos when they arrive instead of asking for permission, the malware is invited in by your operating system without approval from you. Currently, the risk this vulnerability creates is listed as “high” according to the Android dev teams security risk hierarchy. While an update is coming, it is dependent on your carrier and manufacturer to get it to you. In the meantime, don't share your phone number online or in social media and you will reduce your risk of being targeted dramatically.

0 comments: