MOBILE PHONE SECURITY THREATS

Standard

Note: This is a re-created post. Find the original content by using reference links (PFB).

Mobile platforms are going to be harder to secure


Lost and stolen

Lost and stolen smartphones and other mobile devices are the biggest mobile security threat to enterprises, according to security experts watching the evolving threat landscape. Yet, the hype around malware would lead users to believe otherwise.
The risk of an employee leaving their smartphone behind at a restaurant or bar and having it fall into the wrong hands is far greater than an employee downloading malware onto their device.
Device owners rarely use a passphrase or code to protect unauthorized access to their device. That leaves the phone wide open to a thief. Contacts, email messages and data saved in some applications can be easily accessed by the average criminal. While most enterprise mobile security software suites have device location and wipe features, but a lack of security policy around personally owned devices means many employees and their organizations remain at risk. By the time a device is reported lost or stolen, a thief could have already made off with the data.
Near field communications (NFC)


The potential still exists for a sustained and exponential increase in mobile device attacks, but it will likely take years before cybercriminals flock from the desktop to mobile devices, he said. New payment technologies, such as near field communications (NFC), which can turn any smartphone into a virtual credit card, may make attackers take a closer look at mobile platforms.

Fewer security controls

The attack surface is much greater on mobile devices and there are far fewer security controls. You can do everything you can do on a laptop but you also have other things like location information, an SMS channel, voice dialing, a camera and sensors that are a potential way in. These are still the early days and we still need to get a handle on the new risks and threat models and learn how to use some of the security strengths of the mobile platforms correctly

Geolocation madness

A device user’s location can be an extremely valuable piece of data for marketers. It also can add important and valuable functionality for certain applications.

Privacy protection legislation will mostly address location-based services, but look for loopholes put in place for mobile carriers and other entities. We’re going to see indiscriminant use of location-based information become a crime. Cybercriminals could eventually latch onto this location-based services trend with malware and other tricks that take advantage of location data to trick users into giving up more sensitive information about themselves, including account credentials.

Excessive permissions


Application permission requests were built into mobile platforms as a way to improve security, but those notifications, which require the end user to confirm an application’s breadth on a device, are being largely disregarded by device users. People are quick to choose functionality over security and privacy. Most device owners continue to give applications elevated privileges and that means the latest game they downloaded may have the functionality to tap into the device’s messaging app or location data.

Carrier IQ software
This diagnostics application was placed on some devices by mobile carriers, but the software was not always optional, and in many cases users didn’t even know it was on their devices. Security and privacy advocates were outraged because the software could report GPS location data, record which dialer buttons were being pressed and the URLs being visited by device owners.

Unsecure Wi-Fi


Most devices automatically roam for the nearest open Wi-Fi hotspot. Unfortunately, automated tools make it easy for just about anyone to snoop on people or even take over their browsing session. Researchers have demonstrated that by using basic tools of the trade they could take over a person’s unsecure webmail session, Twitter or other social media account. Many services, including Google, have responded, supporting encrypted sessions that protect users on open Wi-Fi, but the threat remains.

Websites that don’t use SSL/TLS encryption correctly could be putting smartphone users at risk to a well-known Wi-Fi hotspot attack called sidejacking.

Mobile application vulnerabilities


The Google Android and Apple iOS app stores have given rise to a new crop of mobile application developers. Mobile application frameworks lack maturity, and when combined with the need for speed, that has resulted in applications with shoddy code, flaws and functionality that is not needed. Some developers churn out new mobile applications too quickly. Researchers studying mobile applications are finding a lot of coding errors. Speed leads to costly mistakes, such as authentication or authorization errors, poor file-system permissions and application permissions that are too lax.

Mobile operating system threats: ANDROID

Android has been the most successful mobile operating system this year and rules more than 50% of the market. This success has made it a target and all the rivals as well as the cybercriminals have made various applications for android that are malicious. All these activities are being performed in order to rage the android users and kill Google’s market.
Google has taken action to delete more than a dozen cloned applications hosted on its Android Market after they were found to be malicious, racking up expensive text messaging charges on owners smartphones. Google’s reaction has been quick, but not quick enough, at least ten thousand users downloaded one of the malicious apps from the list.

One of the most popular hidden Trojan is called DroidDream which gives cybercriminals the ability to break out of Android’s built-in application security sandbox feature.



Flawed Android Apps


Mobile developers building applications for Android devices are making many of the same mistakes as enterprise developers, and those poor coding practices may be rendering encryption and other security features ineffective.

 

Hard-code cryptographic keys

The Developers sometimes hard-code cryptographic keys to make it easier to develop the application.
40% of Android applications contain at least one instance of hard-coded cryptographic keys. The practice gives every user of an application the same encryption key, which is similar to everyone within an organization using the same password to secure their data. Because Android applications are easy to decompile, an attacker can easily extract and publicize hard-coded keys.
Coding errors abound in mobile apps, because the tools and frameworks for building them are less mature.

Application permissions
As with all Android applications, users must choose to allow the permissions requested by applications before they can be installed. Permissions are displayed by the Android operating system under broad headings that summarizes the implications of the permissions requested. For example the permission to allow an application to send SMS or MMS messages is organized under the easy to understand heading of “Services that costs you money”.  Understanding these permissions can help users avoid applications which make unnecessary requests. In this particular instance, the applications ask for the permission to send SMS messages – a service that will cost you money (something users should think twice about before accepting and proceeding with the install).

Android’s success makes it a target
Microsoft is using the latest malware campaign aimed at rival Android to give away new Windows 7 Phones to the five Android users who tell the best tales of woe.

Other platforms won’t be safe either
We’ve already seen it done in the Android Market and we’re bound to see it happen on other platforms. Rather than traditional desktop malware, “Trojanized” applications could initially cause trouble to individual owners and ultimately be a problem for enterprises. Attackers could steal account credentials and use them against corporate networks or they can tap into freely available information – data found on Facebook and other social networks – to conduct targeted social engineering attacks against employees. In other words, If someone loses their phone and an attacker gets access to that application, the attacker could basically get access to all the data that everyone in the organization can access.

Conclusion:Even though we don’t know how everything is going to get attacked, we can still be prudent in how we go about building mobile applications.

References:
http://network-security.alltop.com/
http://searchsecurity.techtarget.com/news/2240112288/Top-5-mobile-phone-security-threats-in-2012

Magnet U – World’s first wearable social accessory

Standard

Note: This is a re-created post. Find the original content by using reference links (PFB).

Magnet U – A Social Proximity Gadget

Introduction

Wireless communication is most widely used by the mobile devices in today’s scenario. But a mobile phone only allows us to connect with the people we already know or have some details about. Also, in the case of smart phones, one can access the social networking websites but that doesn’t help us know about the real people that might be sitting around us.

It has often been said that the online social networking is killing the real social life of the people. But this won’t be a problem if the online world and real world are merged into each other.

Now, it is possible to take online social networking into the real world, MagnetU bridges the online and the physical.

World’s first wearable social accessory

Connecting users with people they like, and with the businesses they frequent, magnetU is the world’s first wearable social accessory that lets people wear their social desires, allowing immediate social gratification anywhere, anytime.

Dynamic social networks of proximity

MagnetU creates dynamic social networks of proximity between people in the real world. Through a fun concept of “Attractive” – “Hot” – “Red Hot” social match messages, or simply by “cheers” your magnetU with others, magnetU connects users with mutually matched social desires when they are in the same place or in a network of proximity of potentially hundreds of meters. It’s fun and valuable – you can be in the magnetU network whether you are indoor or outdoor, it can work anywhere. magnetU also bridges loyalty programs and physical advertising with online social networking. There’s a whole range of apps for one’s social desires: socializing, social business card exchange, dating, business matches – and more to come.

Connected by a Virtual network cable

MagnetU brings together social networking, mobile telephony and proximity technology, creating the first ever, patent-pending, dynamic mobile network of proximity. It builds dynamic mobile human networks with the people around you – as they walk or stand, anywhere – indoor or outdoor, without even knowing of your actual location! The magnetU network grows organically as users go about their daily activities. People are moving, running, walking and magnetU uses this mobile dynamic environment like they are all connected through a “network cable”.

 MagnetU Profiles

For magnetU, every profile that users wear is actually an application. For example, a profile form that is focused on socializing is used for social applications, a business matches profile is used by business people, and so on. One won’t need to actually develop an application, but a profile form. One can develop different types of profiles, which are themselves applications. The profiles can then be put on our profile applications store, and downloaded by magnetU users.

How it works?

MagnetU is a tiny device that travels along with you and seeks out other MagnetU users. If two social profiles are a good fit, it will notify users of each other’s proximity.

Here’s how it works. Load up the MagnetU application, create a set of “social desires,” and hook it up with Facebook and Twitter. The gadget connects with your phone using Bluetooth.

When social desires mesh, you get a message on your phone that ranks the match as “attractive,” “hot,” or “red-hot.”

Clinking two MagnetU devices together links up your social profiles so you can stay connected with your new BFF after you’ve parted ways.

This sounds like a natural fit for the club and dating scene, but it could also come into play as a business-networking tool for large conferences or events.

Changing profiles

Users can change the profiles they broadcast, or their “social desires,” depending on the situation. You might use a “social” profile that describes your ideal date when you’re out to a bar and a “business” profile that describes your ideal business partner when you’re at a conference. Brands can develop a social desires profile too. A concert venue might, for instance, develop a profile that connects users with similar music tastes.

What is expected?

Instead of setting your gaze permanently at nametag level during conferences, you’d receive a text message when someone with a relevant business opportunity enters the room. And at a concert, you’d know who shares your taste in music without borrowing their iPods.

Privacy settings
When two devices make a mutually satisfying match, they alert their owners via SMS message or mobile app, ranking the strength of the match and delivering whatever contact information the device owners have allowed in their privacy settings.

Exchange of Information

MagnetU also provides Bump-like exchanges of contact information. When users press a “cheers” button and knock their devices together, they automatically send each other friend requests on all of their social networks, in addition to any contact information they’ve listed in their profiles.

Low Cost

A MagnetU device costs only $24. Given its low cost and the attractive features, it has a very good possibility of becoming popular. Everyone around you will be walking around with a MagnetU in their pockets.

 Better than GPS, Foursquare and other social networks

GPS doesn’t work indoors, drains your mobile battery and impedes on your privacy by making your physical location known.

It can also be considered better than Foursquare. From a marketing perspective, this would be like a version of Foursquare that doesn’t require a checkin. From a social perspective, however, it’s a very different thing than Foursquare. Instead of being an extension to offline connections, it creates them.

The device will contain all your social network profiles including Facebook, Twitter, LinkedIn and others.

Drawback
As one need to use a device separate from the smartphone, MagnetU’s success hinges on enough people adopting it.

 

Conclusion:
“It isn’t telling you where your friends are; it’s actually making new connections with new people.”

References:
http://mashable.com/2011/12/05/magnetu/

http://www.thetechcheck.com/gadgets/magnetu-brings-your-social-profiles-to-the-streets/

http://magnetu.com/

Rarely….on the last meet (via the “Santak” diaries …)

Standard

Rarely....on the last meet Rarely….on the last meet by Shan Prologue This poem is a farewell message by the spirit of a dead person to his beloved after one year of his death, when he finally attains freedom after avenging his death. He had been struck down with a van by two of his blood enemies. And he finally slays them. Here it goes……….. “No pen, nor ink could ever write, These words, which here are shining bright; Straight out of heart, they have come to fight, The f … Read More

via the “Santak” diaries …