Patch smartphones to avoid compromises: Pure Hacking

SMS authentication can be bypassed

Security patching must move beyond the computer to the smartphone as more security cracks appear in the devices, according to local security experts.

Pure Hacking chief technology officer, Ty Miller, said smartphones such as the iPhone could be easily hacked because the devices are not usually patched with updates on a regular basis.

“Most people are also unaware that an attack has taken place,” he said in a statement. “Smart phones, tablets and mobile devices are now being used with online payment and banking networks that require more security than a smartphone generally provides.”

For example, he said information could be used to bypass short message service (SMS) two-factor authentication to make online retail purchases with stolen information. According to Miller, only two steps are needed to compromise the phone. The first is to capture a username and password being typed into the phone, followed by acquiring the two-factor SMS token that is used to ensure that the transaction is being made by the owner of the phone. “A smartphone can be compromised in the same way that a laptop can be compromised through visiting a malicious website,” he said. “As applications on phones become more sophisticated with features all intent on improving the end user experience, the security to protect this becomes more complex.

Inevitably this leads to vulnerabilitys being introduced. We can only expect continued increases in mobile security exploits.” He added that the prevalence of malicious software being installed on networked computers to capture e-commerce usernames and passwords, as well as credit card details remained a concern for the online payments sector. “There is not one anti-virus system on the marketplace that can ward off a persistent hacker and phishing attack," he said. "I cannot emphasise that enough to organisations and consumers that phishing attacks are here to stay."

Financial services organisations, retailers and consumers all must share joint responsibility to take the required steps to protect personal data," he said.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Tags Pure Hackingsecurityhacking

More about PurePure HackingSmart

1 Comment

Armorlog

1

There is a system that will protect against phishing we have designed it and it it is called Variable Proprietary Character Set Multilayered Login. We will soon have code available for software vendors to incorporate in their existing products. Our gateway product soon to be released will also protect against the evolving MitB threats.

Comments are now closed

Gray market iPhone 6 prices plunge in China

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
CIO
ARN
Techworld
CMO