Category: Mobile Security

A hidden antenna was used by researchers to test the ease of sensitive customer data theft.

A paper was recently published, entitled “Eavesdropping near field contactless payments: a quantitative analysis”, which detailed a study in which researchers examined mobile safety attacks through NFC technology security meant for contactless payments transactions.

The researchers made an antenna that they hid on shopping carts using low cost electronics.

Their explanation for this effort was to test NFC technology security with a near field communication inductive loop antenna, which was employed for mimicking an ISO 14443 transmission. Then, in order to be able to actually “eavesdrop”, there was a second, identical inductive loop antenna that was installed onto a shopping cart, which they modified in order to transmit in a way that was like an antenna.

Even though NFC technology security has been touted as safe, researchers found the opposite.

The researchers in this study found that although near field communication based contactless payments are becoming increasingly popular in the United Kingdom and Europe, and that consumers are trusting this tech as safe, these transactions are actually more vulnerable than had previously been thought.

The belief that there could be problems is not new as some had already been pointing out certain vulnerabilities – three, in fact – as early as 2008. Since that time, hacking into near field communications transmissions for payments and directly relaying, skimming, or eavesdropping on sensitive data transmissions from customers has been in the spotlight.

Until now, services had not known how to make this tech both simple and reliable. This is how these transactions are now often viewed. However, these researchers, who are from the University of Surrey, have now looked further into the safety of the tech through the use of cheap and easily accessible electronics from stores. They were able to measure the distance, success rates, and a number of other factors.

What they showed, was that NFC technology security isn’t as high as some might think. They determined that if an attacker with the same equipment was to head out and “shop” for a consumer’s payments data, it would not be difficult for a cyber attack to occur through the use of these electronics, while pointing a shopping cart at the victim as he or she pays for the purchase.

British consumers carrying smartphones and tablets still do not take adequate precautions to protect themselves.

According to a recent mobile security study that was conducted by Trend Micro, a security firm, many consumers in the United Kingdom who have smartphones and tablets have yet to adopt appropriate precautions in order to guard themselves against the theft of their data.

The survey involved the participation of 2,500 device users throughout the United Kingdom.

The results of this study indicated that 27 percent of the research participants have lost up to three company devices. Another 52 percent regularly carry a device on their person that contains sensitive data from work, which increases the risk that their employers and customers could experience fraud from a mobile security data breach.

This mobile security finding should be taken seriously by businesses in the country.

The survey showed that 61 percent of the participants who use their smartphones and tablets for work purposes have not even protected those devices with a password. Among all of the participants 20 percent were using their personal smartphones for business reasons, which means that this number of unprotected device users is a considerable one. Among those who have gone to the effort of protecting their devices with a password, 63 percent have used the same one or a similar one across all of their various digital accounts.

Almost one in every three participants said that they use Wi-Fi hotspots on a regular basis. However 56 percent of hotspot users do not check the security of those spaces before they connect. Twenty two percent access their work emails from those locations, while 10 percent access confidential documents in those public connection environments.

This survey indicates that in the United Kingdom, there is a standard of relative carelessness when it comes to their attitude toward mobile security and the link between their behaviors and the safety of corporate data when using their smartphones and tablets for work purposes, said the report. In fact, among the respondents, 44 percent had a greater concern regarding the loss of their own personal content than they had about giving access to sensitive business data to cyber criminals.