Tag: mobile security problems

Mobile security barrier overcome by DoD

The agency has managed to break through a roadblock that had been giving it a considerable challenge.

The majority of government agencies find that establishing adequate mobile security is not exactly an easy process, as federal experts still battle their way through the tech to try to be able to provide the right level of access through smartphones and tablets, while still protecting their applications and data.

That said, the Department of Defense may now have broken through one of the biggest problems it had faced in this area.

Deputy chief information officer for cybersecurity at the Department of Defense, Richard Hale, has announced that a roadblock that the DoD has been facing for some time now in mobile security may now have been broken away. He explained that the department has come up with a new approach that will keep up its dependence on the Common Access Card (CAC), but that will apply it in a new and fresh way. It turns out that they will not be placing the public key infrastructure credential directly onto the smartphones and tablets. At the same time, “We will not have a separate CAC card reader or something like that,” he said.

Hale spoke of this new mobile security strategy as an AFCEA panel moderator of the D.C. chapter’s Cybersecurity Summit.

Department of Defense Mobile SecurityHe said that there are three separate pilots underway that have already demonstrated that this mobile device security system can be implemented effectively. He did acknowledge that there remain certain security issues in the effort to bring the credentials to the device, but that the department is working their way through those. Therefore, they do not yet have a “formal program to put an issuance infrastructure in place.”

Still, Hale said that it is his belief that within the upcoming “couple of months we’ll make a decision that we have a particular path to credential issuance and then we will put a program up and start doing it.” He even went on to make a “bold prediction” in which he stated that by the close of 2015, the department would already be “issuing derived credentials on a production way on mobile devices.”

According to Hale, this mobile security effort is being examined for all of the major device vendors, including Android, iOS, Microsoft, and Blackberry.

Mobile security shaky at Snapchat, again

Experts are saying that the popular photo sharing app is experiencing a lacking in privacy protection.

According to the complaints of a number of experts regarding the Snapchat app, the level of mobile security behind the application is greatly inadequate for protecting the privacy of its users.Mobile Security - Mobile Apps

Some now feel that the mobile app development team behind the app lacks the necessary understanding.

Among the most recent steps that the company has taken toward improving mobile security includes last week’s introduction of a CAPTCHA code verification. This is designed to help to ensure that all new subscribers are humans and not computer programs. It is important to avoid computer created accounts as these are common methods used by cybercriminals for the distribution of spam or to discover ways to grab personal information from other users of these types of mobile apps.

While the number of fake accounts may be reduced, it doesn’t mean that the mobile security is strong.

Although the CAPTCHA techniques can shrink the number of fake accounts that a service experiences, a graduate research assistant from the Georgia Institute of Technology, Steven Hickson, was able to easily hack into Snapchat despite its latest upgrades.

The CAPTCHA implementation at Snapchat was weak to the point that Hickson required under an hour on the mobile development of a computer program that would be able to trick the system with “100 percent accuracy”. Hickson explained that “They’re a very, very new company and I think they’re just lacking the personnel to do this kind of thing.”

In order to make sure that the potential user of the service is a human, the system selected by Snapchat involves having to choose the white ghost mascot of the company from among nine illustrations. Unfortunately, only the size and angle of the correct image is altered, making it simple for a computer to be able to recognize.

In order to stop a CAPTCHA mobile security system from being hacked, Hickson explained that “you want something that has a lot of variety in the answer,” adding that you essentially want one correct answer, but a vast array of different incorrect answers. This needs to be too complex for a computer to be able to solve while being quite obvious to a human.