Pages

Friday, 9 January 2015

3 SMARTPHONE SECURITY FLAWS THAT YOU SHOULD BE AWARE OF


wps5781.tmp
3 Smartphone Security Flaws That You Should Be Aware Of
By Joel Lee,
Make Use Of, 8 January 2015.

What are the hidden dangers of using a smartphone? If your worst worry is someone snooping through your phone, you may want to think again. Smartphone technology is relatively young in the grand scheme of history, which means there are still several security flaws that have yet to be solved.

With that being said, don’t go all paranoid yet! While everyone is certainly at risk when using a smartphone, that doesn’t mean everyone will become a victim. It is vital that you should be aware of these risks and be proactive as far as keeping yourself protected.

So, how many security vulnerabilities are there for smartphones? Let’s take a look at some of the worst offenders.

1. Flawed Communication Protocols

wpsEC50.tmp
Credit: Gabrielsturmer/Wikimedia Commons

There’s no doubt that the Internet’s explosion in popularity was one of the chief milestones in human history. Sure, the Internet has been a vehicle for some truly heinous acts, but many good things have come from it as well.

Unfortunately, there are downsides to being part of a 24/7 global network. For one, data is no longer anchored to a given physical location. There was a time when files had to be transferred using a tangible medium, e.g. a floppy disk or USB thumb drive. Today, data is freely sent and retrieved over the air.

Data is more easily intercepted nowadays, which means a greater reliance on secure communication protocols. While smartphone encryption methods already exist, the problem is that people don’t care enough to encrypt their communications. They fall victim to “It Won’t Happen To Me” syndrome.

Not so long ago vulnerabilities were revealed in SS7, the international network that telecom companies use to transmit calls, texts, etc. These vulnerabilities, when exploited, make it possible to listen in on any calls and track the location of any user.

Since the protocols were developed back in the 1970s, it’s not hard to see how they could be riddled with security holes. Complex global systems like SS7 will always be open to overlooked security flaws.

wps48DA.tmp
Credit: HLundgaard/Wikimedia Commons

But newer technologies aren’t any safer. The NFC protocol - which allows modern smartphones to transfer data with a physical “bump” - can be intercepted. In fact, NFC leaves your smartphone open to a drive-by attack. RFID chips, which are like modernized wireless barcodes, can be hacked.

Secure connections are important for mitigating these kinds of protocol weaknesses and keeping your data protected against snoopers. That’s the key to safety when partaking in data-risky activities like unsafe mobile banking.

2. Smartphone Viruses Are Real

wps97E0.tmp
Image via BGR

The common joke is that only Windows users need to worry about viruses, but the truth is that every operating system has its risks and smartphones aren’t exempt. Android, iOS, Windows Phone - none of them are bulletproof. Yes, that’s right: iPhones can get viruses!

In fact, according to the National Vulnerability Database and the data in Common Vulnerabilities and Exposures of 2013, over 200 vulnerabilities were found in iOS, giving it 81 percent market share of all smartphone vulnerabilities. That’s more than Android, Windows Phone, and Blackberry combined.

Don’t get me wrong: that’s not a cheap shot at Apple. The point is that every smartphone ecosystem has its problems. None are exempt no matter what anyone tells you.

Earlier this year, a new security flaw surfaced that affected over 90 percent of all smartphones in the world. This problem - which stemmed from a particular industry standard shared by iOS, Android, and Blackberry devices - made it possible for remote hackers to access data, erase data, or upload malicious data.

This is just one of many truths concerning smartphone security. Viruses can come from anywhere, including various app stores where you might end up accidentally downloading scam apps. Downplay the impact of malware at your own peril.

Here are some warning signs that you have malware along with how you can keep yourself protected. Don’t fall into the trap of thinking you’ll never catch malware. You owe it to yourself to stay as secure as you can.

3. Built-In Security Holes

wpsBBA1.tmp
Image via One Solution

Earlier this year, Apple fell under the spotlight when a security researcher discovered an iOS security backdoor. The claim was that Apple had purposely left a hole that made it possible to pull encrypted data on demand from any iOS device. When confronted, Apple surprisingly confirmed that the backdoor existed.

A security backdoor is a hole that’s purposely left in an otherwise secure system that makes it easy for anyone who knows about the backdoor to bypass whatever security measures are in place. How many backdoors does your phone have?

According to some research at North Carolina State University, ten Android models from Samsung, HTC, LG, Sony, and Google were analyzed for security vulnerabilities. Of all the vulnerabilities they found, 60 percent came from apps preloaded by the manufacturers themselves.

To be clear, not all of those preloaded apps were intended as security backdoors; many of them were innocent tools that happened to be insecure. But it does leave us with an interesting question: how much can we trust smartphone manufacturers, anyway? The future looks pretty bleak, especially with the FBI asking Congress to force the inclusion of backdoors.

Final Thoughts

This isn’t an exhaustive list of flaws. There are several other smartphone security risks worth familiarizing yourself with, including Wi-Fi insecurity, location triangulation, and SMS phishing. The smartphone is not a secure device.

The best thing to do is reform your security habits. Avoid making these critical smartphone mistakes and you’ll find that your device to be more secure than it ever was.

[Source: Make Use Of. Edited.]

No comments:

Post a Comment

Please adhere to proper blog etiquette when posting your comments. This blog owner will exercise his absolution discretion in allowing or rejecting any comments that are deemed seditious, defamatory, libelous, racist, vulgar, insulting, and other remarks that exhibit similar characteristics. If you insist on using anonymous comments, please write your name or other IDs at the end of your message.