Wi-Fi network security vulnerable to man-in-the-middle attacks on smart phones
Monday, November 16, 2009
Researchers last week revealed a weakness in mobile network security that could allow for so-called "man-in-the-middle" techniques to steal personal information from users of certain types of mobile phones.
Man-in-the-middle attacks interpose a hacker's computer between a user's device and the device that he or she is accessing. A white paper by SMobile Systems describes a possible real-world scenario in which man-in-the-middle techniques could be used to compromise Wi-Fi network security in a coffee shop and steal personal data from a smart phone using the network to check online banking information.
A publically available tool called SSLstrip was used to spoof the coffee shop's Wi-Fi network security. The SMobile researchers say that the comparative lack of security software in use on mobile phones contributes to the vulnerability of those devices to man-in-the-middle attacks.
Experts say that wireless security must improve as more and more smart phones are used to send and receive sensitive financial data from unsecured Wi-Fi connections. Many recommend not accessing online bank accounts from such low-security public connections.
Related News:
Password security a tall order for many web users - 1.22.2010
A recently released study from tech researcher Imperva showed that the most popular password among users whose accounts were compromised in the recent RockYou data breach was as follows: 123456.
Facebook fixes "wrong friends list" mobile network security glitch - 1.22.2010
CNET reports that social media network Facebook has repaired a problem in the mobile version of its service that caused some mobile users to have full access to the friends lists of unassociated users.
Automated phishing scam hits bank customers - 1.14.2010
Phishing attacks do not target victims exclusively via email, experts say, pointing to a recent rash of automated phone calls that attempted to convince victims to give up sensitive banking information.
Scammers ride aftershocks of Haiti catastrophe - 1.14.2010
The Federal Bureau of Investigation has issued a warning to those who want to contribute to earthquake relief efforts in Haiti, saying that cyber criminals and other types of scam artists are trying to take advantage of an outpouring of humanitarian support.
Banking Trojans finding new vector with fake Outlook alerts - 1.11.2010
A spurious alert purporting to come from Microsoft Outlook has cropped up in recent weeks, according to a maker of email filtering software.
|
