Patch smartphones to avoid compromises: Pure Hacking
- 01 April, 2011 16:38
- Comments 1
Security patching must move beyond the computer to the smartphone as more security cracks appear in the devices, according to local security experts.
Pure Hacking chief technology officer, Ty Miller, said smartphones such as the iPhone could be easily hacked because the devices are not usually patched with updates on a regular basis.
“Most people are also unaware that an attack has taken place,” he said in a statement. “Smart phones, tablets and mobile devices are now being used with online payment and banking networks that require more security than a smartphone generally provides.”
For example, he said information could be used to bypass short message service (SMS) two-factor authentication to make online retail purchases with stolen information. According to Miller, only two steps are needed to compromise the phone. The first is to capture a username and password being typed into the phone, followed by acquiring the two-factor SMS token that is used to ensure that the transaction is being made by the owner of the phone. “A smartphone can be compromised in the same way that a laptop can be compromised through visiting a malicious website,” he said. “As applications on phones become more sophisticated with features all intent on improving the end user experience, the security to protect this becomes more complex.
Inevitably this leads to vulnerabilitys being introduced. We can only expect continued increases in mobile security exploits.” He added that the prevalence of malicious software being installed on networked computers to capture e-commerce usernames and passwords, as well as credit card details remained a concern for the online payments sector. “There is not one anti-virus system on the marketplace that can ward off a persistent hacker and phishing attack," he said. "I cannot emphasise that enough to organisations and consumers that phishing attacks are here to stay."
Financial services organisations, retailers and consumers all must share joint responsibility to take the required steps to protect personal data," he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
-
Anonymous Takes Aim at Indian Government
-
Java creator: Fears over consequences of possible Oracle trial win may be overblown
-
Detroit makes pitch for ousted Yahoo employees
-
LightSquared question is in FCC's hands now
-
EU Parliament to vote on ACTA without waiting for a court decision
-
Windows 7 for Seniors for Dummies®
-
Office 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Dummies® Dvd+book Bundle
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Teach Yourself Visually Windows 7
-
Computers for Seniors for Dummies, 2nd Edition
-
Windows 7 for Dummies®
-
MYOB Software for Dummies 6E Australian Edition
-
Microsoft Office
Comments
Armorlog
There is a system that will protect against phishing we have designed it and it it is called Variable Proprietary Character Set Multilayered Login. We will soon have code available for software vendors to incorporate in their existing products. Our gateway product soon to be released will also protect against the evolving MitB threats.
Post new comment