Tag: mobile security flaw

Researchers in Germany have now identified a common weakness in programming practices.

A research team in Germany has now stated that they have found a common poor programming practice that has left a flaw that could lead to a mobile security exposure that risks data breaches for millions of app users.

The method of authenticating users could potentially place the personal data of those individuals at risk.

The flaw in the programming could potentially expose the personal data of the users of the apps in which the developers used those mobile security practices. The reason is because of the method by which the app developers authenticate users during the data storage and retrieval processes with cloud databases, such as the Amazon Web Services and Parse at Facebook. The reasearchers are from the Darmstadt University of Technology and the Fraunhofer Institute for Secure Information Technology.

The researchers identified the mobile security flaw by looking into 750,000 Google Play and Apple Store apps.

What the researchers found was that many of them use mobile authentication strategies by way of basic API-tokens, despite the fact that there are other methods readily available that are considered to be notably more secure.

This app development strategy is in direct opposition to the advice for best practices that has been issues by cloud storage providers. According to a statement made by Amazon Web Services, they have been advised of a “small number” of mobile app developers who have apps that hold AWS credentials. It said that it is their belief that those developers have “inadvertently embedded their own AWS credentials within their mobile applications, which could lead to unauthorized use of the developer’s AWS services and data.”

The statement also pointed out that AWS took the step to communicate directly with each of those developers in order to offer them guidance for the removal of their credentials from the apps. They also took the step to “encourage them to carefully examine their AWS resources for unauthorised activity and provide assistance as needed.”

The German team’s leader, Professor Eric Bodden said that this was a significant mobile security issue, as they were able to identify 56 million unprotected data sets.

Developers find mobile security flaw with Samsung Android devices

Developers associated with XDA Developers, a mobile software development community with over 4 million users worldwide, have found a serious mobile security flaw in recent Samsung mobile devices. One developer, going by the username “Alephzain,” discovered that many Samsung devices that use Google’s Android operating system. The security flaw allowed Alephzain, as well as other developers, to access all of the physical memory contain within a Samsung device. Developers were able to access this memory because of an exploit that provided then with root level permissions.

Flaw could make information vulnerable to theft

Mobile security has been gaining serious attention lately, largely due to the types of information that are stored on mobile devices. A typical smart phone or tablet contains a user’s personal information, such as name, address, and birth date, all of which can be used in identity theft. Mobile devices are quickly becoming mobile payment platforms as well, which means they can store a user’s financial information, such as credit card and bank account numbers. This information is highly valuable to a hacker.

Galaxy S III among most vulnerable devices

According to XDA Developers, the Samsung devices that are most vulnerable are the Galaxy S III, the Galaxy S II, The Galaxy Note II, and Meizu MX. Devices that make use of the Exynos processor are also likely to have some degree of mobile security vulnerabilities. Several developers associated with the community have informed Samsung of the serious security flaw, with one going so far as to hack several mobile devices in order to prove that the flaw exists. There are no known Android malware applications that exploit this particular vulnerability.

Financial information could be at risk

Samsung’s Galaxy S III is one of the most popular smart phones in the world currently, having become a major competitor against the iPhone 5 shortly after its launch. Part of the reason the device is so popular is because of its use of NFC technology for data sharing and mobile commerce. When used to make payments, the device stores a consumer’s financial information. The glaring mobile security flaw that seems to have slipped past Samsung  may have put the financial information of millions of Galaxy S III owners at risk.