Patch smartphones to avoid compromises: Pure Hacking

SMS authentication can be bypassed

Security patching must move beyond the computer to the smartphone as more security cracks appear in the devices, according to local security experts.

Pure Hacking chief technology officer, Ty Miller, said smartphones such as the iPhone could be easily hacked because the devices are not usually patched with updates on a regular basis.

“Most people are also unaware that an attack has taken place,” he said in a statement. “Smart phones, tablets and mobile devices are now being used with online payment and banking networks that require more security than a smartphone generally provides.”

For example, he said information could be used to bypass short message service (SMS) two-factor authentication to make online retail purchases with stolen information.

According to Miller, only two steps are needed to compromise the phone. The first is to capture a username and password being typed into the phone, followed by acquiring the two-factor SMS token that is used to ensure that the transaction is being made by the owner of the phone.

“A smartphone can be compromised in the same way that a laptop can be compromised through visiting a malicious website,” he said. “As applications on phones become more sophisticated with features all intent on improving the end user experience, the security to protect this becomes more complex.

Inevitably this leads to vulnerabilitys being introduced. We can only expect continued increases in mobile security exploits.”

He added that the prevalence of malicious software being installed on networked computers to capture e-commerce usernames and passwords, as well as credit card details remained a concern for the online payments sector.

“There is not one anti-virus system on the marketplace that can ward off a persistent hacker and phishing attack," he said. "I cannot emphasise that enough to organisations and consumers that phishing attacks are here to stay."

Financial services organisations, retailers and consumers all must share joint responsibility to take the required steps to protect personal data," he said.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingPure Hacking

More about PurePure HackingSmart

Show Comments