In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen. This verifies that, along with having the correct password, you also have physical access to the cell phone associated with the account. That sounds good. But recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.
According to Forrester Research, mobile payments accounted for $52 billion of U.S. transactions in 2014—and the figure is expected to increase to $142 billion by 2019. Furthermore, eMarketer predicts that mobile wallets (such as Android Pay, Samsung Pay, and Apple Pay) will become a standard feature on new smartphones, with merchants eager to accept payments from them.
But the increased prominence of mobile payments also means new security threats—here's what you need to know.
Experian, one of the big three credit reporting agencies in the US, revealed earlier this month that it had been the victim of a data breach. Experian’s consumer units were left untouched, but the business unit that mobile service carrier T-Mobile used to store customer data was breached. The data breach affected T-Mobile customers who sent applications in to T-Mobile from September 1, 2013 to September 16, 2015. About 15 million customers in the US had their data exposed due to this breach.
The recent Experian/T-Mobile hack is the latest reminder that breaches are a serious issue for businesses. Naturally, the news has many business owners asking if they can predict whether they are at risk of a digital intrusion. A look at what might have happened in the Experian/T-Mobile case answers the question.
A cyber security research firm recently revealed that the overwhelming majority of Android devices can be hacked into with a single text. Zimperium zLabs, the research firm, found that all a hacker needs is a phone number to compromise an Android device. The bug has been named Stagefright, after the media library in the Android operating system that processes several popular media formats.
A bug found in the way Samsung mobile devices update their default SwiftKey keyboards has left over 600 million devices vulnerable to a security breach. The bug leaves devices vulnerable to man-in-the-middle attacks because the SwiftKey keyboard looks for language pack updates over unencrypted connections. The bug lets hackers execute code as privileged users and send malicious security updates to devices through spoofed proxy servers. Hackers can siphon text messages, contact data, and financial log-ins from banking apps. The bug also lets hackers turn on the device’s camera, microphone, and GPS, and allows them to eavesdrop on phone calls.
Last week, we announced the results of our annual Security Monitoring and SIEM survey about information security priorities and challenges. And though there were no big surprises or ‘smoking guns’ - the bulk of respondents indicated that Network perimeter (23%), Endpoints (21%) and Web applications (14%) were areas of highest concern - we did stop and wonder why only 10% of those surveyed were concerned with IT security mobility.
A study conducted by IT research company Wisegate found that BYOD practices and cloud technology are the two new threats that worry IT departments. Out of the hundreds of senior IT professionals surveyed, 51% said that BYOD policies were a top risk for their company. Only 32% of respondents said data breaches and malware were a top security threat. Data breaches and malware are still risks that worry IT professionals, and such breaches can occur through insecure BYOD policies.
All hail the Apple Watch. Apple CEO Tim Cook unveiled the company's entry into the smartwatch arena last week (March 10). It can double as your hotel key, wallet, workout tracker, etc. It also reportedly tells time. Prices start at $349, but if you’re looking for a way to spend $10,000, you can do that too. This watch is a big deal for The Fruit, since it’s the first new product category the company has launched without Steve Jobs. Whether it will be essential for providing “new ways to communicate with our loved ones, use the apps you love on your phone and even control a smart-home” (one app, from Alarm dot Com, allows you to unlock your garage, open it, and watch the video of the entire process—on your watch) remains to be seen, but our guess is that Cook and team will likely deliver.
The BYOD (Bring Your Own Device) trend is not slowing down any time soon, and as more companies adopt it, the security risks to the data users keep on their personal devices increase. This remains a real challenge for network security administrators, because it is very easy for users to download apps, music, books, etc. However, most mobile users don’t realize the threat of viruses and attacks, because they assume that a device that is not a PC can’t be affected. That could not be further from the truth.