Wednesday, June 17, 2015

600 million of mobile phones at risk

Be careful, whoever with a Samsung Galaxy, especially the S6 and S5 models. An attacker might be monitoring your camera and microphone, reading your messages and installing malware. Things aren’t better in the iOS side. We’ll talk about it, as well as a recent study over corporate security related to mobile phones. At last, to avoid speaking only about mobile phones, we’ll finish with an interesting initiative which will provide us free digital certificates.    

The problem, which concerns to no more and no less than 600 million of Samsung cell phones, lies in the default keyboard updates and its languages. Researchers have proven that it’s possible to impersonate the server which sends the update and replace it by malware. The exploit, shown in the BlackHat conference, also works despite we’re not using this keyboard, which can’t be uninstalled by the user.     

As we said, things are not better in the iPhones’ land. Chinese researchers have revealed that they warned Apple about a serious problem in iOS and OS X, which allows the robbery of passwords from all the apps, including the original phone mail app and iCloud. Apple asked for six months to solve it…and they’re still waiting for an answer. Google Chrome, which was also affected, has created a patch.  

So, whatever could say the advertising, the world of mobile security is still very immature. Both in the manufacturers and the consumers side. A study by eMarketer says that 62% of managers and employees use interchangeably at home or at work their mobile devices. Among these, 92% keeps sensitive corporate information on them, which is no concern for 32% of managers. As we said, in its boyhood.

We finish talking about an old solution to improve the security of the phones and many other devices: digital certificates. The Let's Encrypt, Mozilla, Cisco and the Electronic Frontier Foundation initiatives, have announced that in September they will begin to provide free digital certificates as a way to help network security. A little earlier, in late July, they will present the first one to the world.

Possibly these certificates are not the panacea, but at least they constitute a little contribution, a way of showing to the rest of  the Internet companies that cooperation, sometimes without charge, is the right thing.


Post a Comment