Category: Mobile Security

News of Samsung mobile security issue spreads with threat to millions

The vulnerability that has been identified in some of the tech company's handsets could affect up to 600 million people.

The mobile security news involving a flaw in many Samsung smartphones is spreading around the globe as estimates have stated that this issue could impact as many as 600 million people worldwide.

The mobile technology flaw could potentially allow Samsung Galaxy users to be spied upon by hackers.

The phones that could be impacted by the mobile security issue include the Samsung Galaxy S4, S4 Mini, S5 and S6. It comes in the form of a vulnerability that could make it possible for hackers to gain access to the microphone and camera on the device and to spy on users.

According to Buster Johnson of the National Association of Counties Cyber Security Task Force Team, “Hackers will basically be able to take control of a person’s cell phone and have the possibility of accessing a person’s personal information stored on their phone, which could include bank account passwords and other sensitive data.”

This suggests that the mobile security flaw could threaten more than just users' privacy.

Data and identity theft as well as financial issues could also be thrown into the mix if the wrong information is accessed by the wrong people.

The smartphone security flaw was first identified by researcher Ryan Welton of NowSecure, back in 2014. Shortly thereafter, the security teams at both Google Android and at Samsung were notified of the problem.

The NowSecure blog includes a post from Welton explaining that the source of the vulnerability is in the SwiftKey keyboard, which is pre-installed on the majority of Samsung devices. It is not possible for a user to disable or uninstall it, and its updates occur automatically on their own or when the device has been rebooted.

The mobile security problem comes into play when that update occurs, because the method of fetching the update is not secure if a hacker has access to the network traffic of the device user, for instance, in the case of a public WiFi hotspot. The attacker could use that unsecured network to pose as a server for SwiftKey and then exploit the update, executing code that would give the hacker privileged user access to the device.

Mobile security flaw places millions of app users at risk

Researchers in Germany have now identified a common weakness in programming practices.

A research team in Germany says it has found a common poor programming practice that leaves a flaw which could expose millions of app users to the risk of data breaches.

The method of authenticating users could potentially place the personal data of those individuals at risk.

The flaw in the programming could potentially expose the personal data of the users of the apps in which the developers used those mobile security practices. The cause is the method by which the app developers authenticate users during the data storage and retrieval processes with cloud databases, such as Amazon Web Services and Facebook's Parse. The researchers are from the Darmstadt University of Technology and the Fraunhofer Institute for Secure Information Technology.

The researchers identified the mobile security flaw by looking into 750,000 Google Play and Apple Store apps.

What the researchers found was that many of the apps authenticate by way of basic API tokens, despite the fact that there are other methods readily available that are considered to be notably more secure.

This app development strategy is in direct opposition to the best-practice advice that has been issued by cloud storage providers. According to a statement made by Amazon Web Services, they have been advised of a “small number” of mobile app developers who have apps that hold AWS credentials. It said that it is their belief that those developers have “inadvertently embedded their own AWS credentials within their mobile applications, which could lead to unauthorized use of the developer’s AWS services and data.”

The statement also pointed out that AWS took the step to communicate directly with each of those developers in order to offer them guidance for the removal of their credentials from the apps. They also took the step to “encourage them to carefully examine their AWS resources for unauthorised activity and provide assistance as needed.”

The German team’s leader, Professor Eric Bodden, said that this was a significant mobile security issue, as they were able to identify 56 million unprotected data sets.
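
A check a developer could run on their own build before release to catch the embedded AWS credentials described in the AWS statement above. This is an added example, not code from the researchers or from AWS. The function names are illustrative, and the sample archive is constructed from the placeholder credentials used in AWS documentation.

```python
import io
import re
import zipfile

# Access key IDs: 20 chars, "AKIA" (long-term) or "ASIA" (temporary) + 16 of [A-Z0-9].
KEY_ID_RE = re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: 40 base64-style chars. Heuristic, only checked near a key ID.
SECRET_RE = re.compile(rb"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
WINDOW = 200  # bytes searched on each side of a key ID for a secret


def scan_bytes(name, data):
    """Return one finding per access key ID found in a single archive member."""
    findings = []
    for m in KEY_ID_RE.finditer(data):
        key = m.group(0).decode("ascii")
        nearby = data[max(0, m.start() - WINDOW):m.end() + WINDOW]
        findings.append({
            "file": name,
            "key_id": key[:4] + "..." + key[-4:],  # redacted so reports do not leak it
            "secret_nearby": SECRET_RE.search(nearby) is not None,
        })
    return findings


def scan_apk(apk):
    """Scan every member of an app package (APK files are ZIP archives)."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                findings.extend(scan_bytes(info.filename, zf.read(info)))
    return findings


def build_sample_apk():
    """Constructed sample package holding AWS's documentation placeholder keys."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/aws.json", '{"accessKey": "AKIAIOSFODNN7EXAMPLE", '
                    '"secretKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}')
        zf.writestr("res/raw/notes.txt", "no credentials in this file")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in scan_apk(build_sample_apk()):
        print(finding)
```

A finding with `secret_nearby` set means a usable key pair is likely shipped in the package, so the key should be rotated as well as removed from the build.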