Category: Mobile Security

Mobile security shaky at Snapchat, again

| February 3, 2014

Experts are saying that the popular photo sharing app is experiencing a lacking in privacy protection.

According to the complaints of a number of experts regarding the Snapchat app, the level of mobile security behind the application is greatly inadequate for protecting the privacy of its users.Mobile Security - Mobile Apps

Some now feel that the mobile app development team behind the app lacks the necessary understanding.

Among the most recent steps that the company has taken toward improving mobile security includes last week’s introduction of a CAPTCHA code verification. This is designed to help to ensure that all new subscribers are humans and not computer programs. It is important to avoid computer created accounts as these are common methods used by cybercriminals for the distribution of spam or to discover ways to grab personal information from other users of these types of mobile apps.

While the number of fake accounts may be reduced, it doesn’t mean that the mobile security is strong.

Although the CAPTCHA techniques can shrink the number of fake accounts that a service experiences, a graduate research assistant from the Georgia Institute of Technology, Steven Hickson, was able to easily hack into Snapchat despite its latest upgrades.

The CAPTCHA implementation at Snapchat was weak to the point that Hickson required under an hour on the mobile development of a computer program that would be able to trick the system with “100 percent accuracy”. Hickson explained that “They’re a very, very new company and I think they’re just lacking the personnel to do this kind of thing.”

In order to make sure that the potential user of the service is a human, the system selected by Snapchat involves having to choose the white ghost mascot of the company from among nine illustrations. Unfortunately, only the size and angle of the correct image is altered, making it simple for a computer to be able to recognize.

In order to stop a CAPTCHA mobile security system from being hacked, Hickson explained that “you want something that has a lot of variety in the answer,” adding that you essentially want one correct answer, but a vast array of different incorrect answers. This needs to be too complex for a computer to be able to solve while being quite obvious to a human.

Mobile payments strategy hinted at by Tim Cook

| January 30, 2014

Apple’s CEO has placed the spotlight back on the ability to complete transactions with iOS devices.

Tim Cook, the chief executive at Apple, recently dropped some hints regarding a mobile payments strategy for the iPhone manufacturer, as well as for the use of the Touch ID feature that was recently added to their mobile devices.Mobile Payments Strategy

Though this was clearly not an announcement, it was certainly a hint about things to come.

Cook linked the idea of mobile payments with the Touch ID system technology that is included in the latest smartphone releases from Apple. When he held a conference call with analysts, discussing the earnings of the company, he stated that this is sector “we’ve been intrigued with,” and added that “It was one of the thoughts behind Touch ID.”

The feature was unveiled as a security enhancement but could also provide mobile payments verification.

The TouchID until now has been meant for making it easy and convenient to unlock the iPhones without having to enter a password. That said, ever since it was first seen, there have been speculations made regarding its potential use for verifying an individual’s identity if the device is used for making a purchase.

That said, Apple has not yet given any other online merchants the opportunity to use the device for making verifications of purchases. It has also not provided access to the fingerprint scanner of Touch ID to third parties. Equally, it hasn’t provided third party access to the Secure Enclave verification computing resources from A7 for any other reasons.

During the conference call, Cook did say that there has been a positive response from the public to the existing form of Touch ID functionality. He expressed that Apple is seeing that people enjoy being able to use it for verification in order to make purchases from the iTunes store. He said that they have been watching people liking the opportunity to purchase content ranging from books to music and movies. His description of the purchases using Touch ID was “incredibly simple and easy and elegant.”

More specifically, he did go as far as to say that in terms of mobile payments, “It’s clear that there’s a lot of opportunity here.”