Tag: mobile security vulnerability

News of Samsung mobile security issue spreads with threat to millions

The vulnerability that has been identified in some of the tech companies handsets could affect up to 600 million.

The mobile security news involving a flaw in many Samsung smartphones is spreading around the globe as estimates have stated that this issue could impact as many as 600 million people worldwide.

The mobile technology flaw could potentially allow Samsung Galaxy users to be spied upon by hackers.

The phones that could be impacted by the mobile security issue include the Samsung Galaxy S4, S4 Mini, S5 and S6. It comes in the form of a vulnerability that could make it possible for hackers to gain access to the microphone and camera on the device and to spy on users.

According to Buster Johnson of the National Association of Counties Cyber Security Task Force Team, “Hackers will basically be able to take control of a person’s cell phone and have the possibility of accessing a person’s personal information stored on their phone, which could include bank account passwords and other sensitive data.”

This suggests that the mobile security flaw could place users at a greater threat than just their privacy.

Mobile Security Threats on the RiseData and identity theft as well as financial issues could also be thrown into the mix if the wrong information is accessed by the wrong people.

The smartphone security flaw was first identified by researcher Ryan Welton of NowSecure, back in 2014. Shortly thereafter, the security teams at both Google Android and at Samsung were notified of the problem.

The NowSecure blog includes a post from Welton that explained that the source of the vulnerability is in the Swift keyboard, which is pre-installed on the majority of Samsung devices. It is not possible for a user to disable or uninstall it, and its updates occur automatically on their own or when the device has been rebooted.

The mobile security problem comes into play when that update occurs, because the method of fetching the update is not secure if a hacker has access to the network traffic of the device user, for instance, in the case of a public WiFi hotspot. The attacker could use that unsecure network to pose as a server for Swiftkey and then exploit the update, executing a code that would give the hacker privileged user access to the device.

Mobile security issues such as malware are causing a boom in protection services

This is exacerbated by the number of devices that remain unprotected.

Mobile security solutions providers are already struggling with the practices of many clients through their BYOD initiatives – which are becoming increasingly common – but a new report has indicated that the problem is growing on a large number of levels.

The report indicates that cybersecurity threats have taken off over the last two years, particularly in smartphones.

The study was conducted by Juniper Research Ltd., a firm based in the United Kingdom, and indicated that mobile security threats have taken off over the last couple of years and despite that fact, the majority of smartphones still remain nearly entirely unprotected.

This is because mobile security threats are starting to change in their primary focus.

Mobile security threatsAlthough cyber criminals had initially transferred their focus from PCs to mobile devices for consumers, they are starting to concentrate on the enterprise space to a growing degree. By the end of this year, it is expected that there will be one million types of mobile malware that will be thriving by the end of 2013.

In fact, the analysts at Juniper determined that over 80 percent of all consumer and enterprise owned smartphones will continue to be unprotected throughout the remainder of the year, despite the large exposure and considerable threat of malware. The slow mobile security protection is the result of low awareness among device users to the vulnerabilities, and the overall perception that these devices are too expensive to protect.

These findings were published in Juniper’s “Mobile Security: BYOD, mCommerce, Consumer &Enterprise 2013-2018” report. Within that report, Juniper divided the online landscape for mobile security threats down into various different segments. Approximately 70 percent of the threats were found to be able to steal a smartphone owner’s personal data that is stored on the device. An additional 20 percent of these types of malware are forms of adware and spyware that need the permission of the user for installation and that then proceed to collect device location, personal data, or usage behavior.

Though the mobile security situation may look bad, the report did indicate that there is a growth in awareness and that this is beginning to have an impact on the attitudes and behaviors of device users in securing their gadgets.