Today the BBC broke news of a staggering development in the world of smartphone / contactless technology.  In short, unscrupulous hackers and the criminal fraternity have managed to exploit a weakness in the way Apple’s iPhone, BlackBerry and Android handsets connect to Wi-Fi or ‘open networks’.  The end result is that these devices may broadcast personal data, often in the course of normal social media interactions using, for example, Facebook and Twitter, which can be viewed by third parties.  Scary stuff indeed!  This is what a BBC spokesperson had to say on the issue:

“The main lesson must be how insecure you can be if you sit in a public place and go online using an open network. I’d heard about Firesheep, a tool demonstrated recently as a warning of the dangers of open networks and unencrypted cookies. But sitting and watching as your entire life – or rather your social-networking life – is laid bare is very sobering.”

Rory Cellan-Jones, BBC Correspondent

Read the full article at:

http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/11/iphone_cracking_wifi.html

First published at BBC Online: 08:40 UK time, Tuesday, 23 November 2010

UPDATE:  (November 07, 2011) BBC News reports that malware attacks on UK Android apps, and smartphone fraud in general, are up a staggering 800% since this time last year!  The shape of things to come – who knows, perhaps?

Comments
  1. Mikey Special K says:

    Thought you might be interested in the following development as reported by Andrew Hoog, Chief Investigative Officer for “viaForensics” who has this to say on the subject:

    “…they’ve now tested five new mobile applications: Groupon, Kik Messenger, Facebook, Dropbox, and Mint.com. All the applications failed to securely store username and application data. More troubling, four applications: Groupon (Android), Kik Messenger (Android), Kik Messenger (iPhone), and Mint.com (Android) were storing passwords as plain text!” OMG!!!!

    Source: “Mobile banking apps may be vulnerable” by Michael Kassner, TechRepublic – December 14, 2010

    This news has put my mind at ease about the future of smartphone e-banking, err….maybe not!

    Keep up the good work with your site – a really cool find!

  2. Contactless says:

    So six months on from this BBC article, and we see the first signs of major problems in the smartphone arena.

    Today, the following story started appearing on various internet magazines (our version quotes from SC Magazine US – and for those interested in the original here’s the link: scmagazineus.com/zeus-for-android-steals-one-time-banking-passwords/article/207286/.)

    “Researchers have discovered a new variant of the insidious Zeus trojan that is designed to run on Google Android smartphones, security researchers have warned. The malicious program is a new version of Zitmo, a mobile trojan application first discovered last year that stands for ‘Zeus in the mobile,’ Derek Manky, a senior security strategist at network security firm Fortinet’s FortiGuard Labs, told SCMagazineUS.com on Tuesday.

    It is designed to steal mobile transaction authentication numbers (mTANs), or one-time passwords that some banks, mostly in Europe, send via SMS message to mobile users as an additional layer of security. The malware poses as a legitimate banking security application called Rapport, which is made by web security firm Trusteer. Once installed, the bogus app intercepts all incoming SMS messages and forwards them to a remote server.

    It attempts to bypass banks’ two-factor authentication by stealing mTANs in real-time, as they are being sent to a user, Manky said.”

    No doubt this story is going to run, and run. Watch this space!
