New security flaws detected in mobile devices

Findings of two recent examinations of mobile devices highlight how designers of smartphones and tablet PCs failed to fully account for security and privacy implications.

"Today's smartphones and tablet devices perform the same functions as a PC," says Dan Hoffman, chief of mobile security at Juniper Networks. "However, the vast majority of devices lack security software and mistakenly rely upon the operating system to keep people safe." In one study, security firm Cryptography Research showed how it's possible to eavesdrop on any smartphone or tablet PC as it is being used to make a purchase, conduct online banking or access a company's virtual private network. The process used to encrypt data can be deciphered, enabling a criminal to use them to access a financial account or a company network, says Benjamin Jun, Cryptography Research's chief technology officer. "These type of attacks do not require the device to be modified, and there is usually no observable sign that an attack is in progress," Jun says. Cryptography Research is "working with one of the major smartphone and tablet companies right now to put countermeasures in," Jun says. No known actual attacks have occurred, he says. In another demonstration, researchers at security firm McAfee, a division of chipmaker Intel, highlighted several ways to remotely hack into Apple iOS, the operating system for iPads and iPhones.