Mobile Security Weekly – A New Arena: Wearable Tech Security

author image
By

blog-weekly-300x90

This week’s summary mixes the old with the new. There are several more vulnerabilities, both in iOS and Android, that might be new to users, but are based on tried and tested “formulas”. The new is a fresh type of mobile device – the wearable device. With wearable smart-devices becoming increasingly popular, their security has also become critical.

Wearable-Tech

iOS Security fault allows expensive calls to be made
Researchers have discovered a new iOS security flaw that could allow expensive phone calls to be made from the owner’s iPhone. By using specially-crafted URL links, this vulnerability enables threat actors to make phone calls from the device easily: the URL tells the device to make a phone call to a specified number without any call prompt asking the owner if they want to make the call.

Whichever app you’re using, this kind of link is capable of creating huge phone bills by calling premium numbers that threat actors can earn money from.

http://www.androidorigin.com/new-ios-security-loophole-discovered-lead-expensive-calls-made/

Why is this Significant?
This is a perfect example of how iOS is far from being completely secure. There are a vast number of ways to take advantage of an iOS device. Furthermore, the best way to put an end to this thievery is up to the developers of the apps and services. If Facebook and Google start using prompts that ensure that you do give permission for your phone to dial a number obtained from a link on a native mobile app. Until that happens, Lacoon have stepped up to plate and offer exactly that.

Another Android security flaw leaves Gmail vulnerable to hackers
Security researchers have discovered a major vulnerability in Android OS which could give threat actors easy access to personal information. The worst part? The exploit can hack into your Gmail account with a 92 percent success rate.

Without going into too many details, a malicious app installed on the victim’s device can monitor that device’s shared memory to get a general idea of what’s happening within other apps. As soon as this starts taking place, a threat actor could hijack the appearance of different apps to steal personal data, or even extract data from the device’s camera and photo gallery.

http://www.informationweek.com/mobile/mobile-applications/android-flaw-might-also-affect-ios-windows/d/d-id/1306590

Why is this Significant?
Although exploiting this vulnerability is pretty complicated, it’s still definitely worth paying attention to- especially as it might even affect other OSs. and not just Android. If a threat actor takes the time to go through the whole process, the success rates are pretty high. Several popular apps had a 92 percent success rate for the hack.


Security of wearable mobile-tech called into question
The wearable technology market is growing rapidly throughout, but despite its popularity, the use of these devices could be placing consumers at an ever rising risk of a mobile security breach.

While many users are enjoying the fact that more and more actions can be tracked and recorded, each new activity that is logged may also be opening up the user to a new mobile security breach risk.

http://www.mobilecommercepress.com/mobile-security-wearable-tech-data-called-question/8513623/

Why is this Significant?
Many of these wearable devices have security loopholes. Some transmit secure user data without encryption. Furthermore, depending on when and where the wearable device is synced, it could mean that those login credentials will be shared with just about any other device or app. The typical wearable technology does not connect directly to the internet. Instead, it uses Bluetooth synchronization to an internet enabled smartphone, tablet, or desktop. This process may be making it much easier for cybercriminals to breach private and corporate networks – Bluetooth is a relatively unsecure protocol that has many tried and tested exploits.

photo credit: stateasy.com

You may also like

Comments are closed.