Tag: mobile security threat

News of Samsung mobile security issue spreads with threat to millions

The vulnerability that has been identified in some of the tech companies handsets could affect up to 600 million.

The mobile security news involving a flaw in many Samsung smartphones is spreading around the globe as estimates have stated that this issue could impact as many as 600 million people worldwide.

The mobile technology flaw could potentially allow Samsung Galaxy users to be spied upon by hackers.

The phones that could be impacted by the mobile security issue include the Samsung Galaxy S4, S4 Mini, S5 and S6. It comes in the form of a vulnerability that could make it possible for hackers to gain access to the microphone and camera on the device and to spy on users.

According to Buster Johnson of the National Association of Counties Cyber Security Task Force Team, “Hackers will basically be able to take control of a person’s cell phone and have the possibility of accessing a person’s personal information stored on their phone, which could include bank account passwords and other sensitive data.”

This suggests that the mobile security flaw could place users at a greater threat than just their privacy.

Mobile Security Threats on the RiseData and identity theft as well as financial issues could also be thrown into the mix if the wrong information is accessed by the wrong people.

The smartphone security flaw was first identified by researcher Ryan Welton of NowSecure, back in 2014. Shortly thereafter, the security teams at both Google Android and at Samsung were notified of the problem.

The NowSecure blog includes a post from Welton that explained that the source of the vulnerability is in the Swift keyboard, which is pre-installed on the majority of Samsung devices. It is not possible for a user to disable or uninstall it, and its updates occur automatically on their own or when the device has been rebooted.

The mobile security problem comes into play when that update occurs, because the method of fetching the update is not secure if a hacker has access to the network traffic of the device user, for instance, in the case of a public WiFi hotspot. The attacker could use that unsecure network to pose as a server for Swiftkey and then exploit the update, executing a code that would give the hacker privileged user access to the device.

Mobile security of wearable tech data called into question

A new report by ABI Research has revealed that wearables are rapidly increasingly in popularity.

The wearable technology market is moving quite quickly throughout 2014, but despite its popularity, the use of these devices could be placing consumers at an ever rising risk of a mobile security breach.

An ABI Research report claims that there will be 485 million shipments of wearables by 2018.

Among the most popular devices in the wearables category includes those that allow for the tracking of health and fitness data. They also often allow this data to be shared with friends, coworkers, or between doctors and patients. However, each new activity that is logged may also be opening up the user to a new mobile security breach risk.

This mobile security speculation by many in the wearables industry has been underscored by Symantec research results.

Mobile Security - Wearable TechOn June 7, 2014, that company’s Security Response team looked at the most popular mobile apps at the Apple App Store and examined the most popular iOS compatible offerings within the free “health & fitness” category. It then tested the 100 most popular options within that category. Among them, there were 57 that were also available in the Google Play store so that Android device users would be able to them. Those 57 were also researched on the Android side, by the Symantec team.

What the Security Response team found was that 20 percent of the apps that they examined required a user to use non encrypted (clear) text which exposed their login credentials. This means that in the case of the users of those popular free applications, it could be possible for the device or the app to be compromised.

Furthermore, depending on when and where the wearable device is synced, it could mean that those login credentials will be shared with just about anyone who is paying attention. The typical wearable technology does not connect directly to the internet. Instead, it uses Bluetooth synchronization to an internet enabled smartphone, tablet, or desktop. This process may be making it much easier for cybercriminals to breach mobile security and scoop up personal data from the device user, without ever making him or her aware that it had occurred.