dcsimg

Mobile Threat Vector

  • Mobile Threat Vector-

    “Mobile applications are increasingly reliant on the browser,” said Patrick Traynor, GTISC researcher and assistant professor at the Georgia Tech School of Computer Science. “As a result, we expect more Web-based attacks against mobile devices to be launched in the coming year.”

    Tension between usability and security, along with device con­straints make it difficult to solve mobile Web browser security flaws. “The mobile vector requires special consideration when it comes to security,” said Traynor. “We still need to explore the significant dif­ferences between mobile browsers and traditional desktop brows­ers to fully understand the potential of emerging threats.”

    • Traynor cites small screen size as just one of many device-related challenges to mobile security. To enhance usability, the address bar disap­pears above the screen so that more of the page content can be displayed. But this also removes many of the visual cues users rely on to confirm the safety of their online location. If a user does click a malicious link on a mobile device, it becomes easier to obfuscate the attack since the Web address bar is not visible.
    • The varied existence of SSL icons on mobile browsers can also contribute to successful exploitation. “If you’re a security expert and you want to see the SSL certificates for a site from your mobile phone browser, it is extremely difficult to find that information — if it’s there at all,” said Traynor. “And if a security expert can’t verify a connection and a certificate, how do we expect the average user to avoid compromise?”
    • Understandably, display security on mobile browsers is not as advanced as the desktop either. The way elements are laid out on a page and the actions that take place when a user touches something are all opportunities to embed an attack
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18

Mobile Threat Vector

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18
  • Mobile Threat Vector-2

    “Mobile applications are increasingly reliant on the browser,” said Patrick Traynor, GTISC researcher and assistant professor at the Georgia Tech School of Computer Science. “As a result, we expect more Web-based attacks against mobile devices to be launched in the coming year.”

    Tension between usability and security, along with device con­straints make it difficult to solve mobile Web browser security flaws. “The mobile vector requires special consideration when it comes to security,” said Traynor. “We still need to explore the significant dif­ferences between mobile browsers and traditional desktop brows­ers to fully understand the potential of emerging threats.”

    • Traynor cites small screen size as just one of many device-related challenges to mobile security. To enhance usability, the address bar disap­pears above the screen so that more of the page content can be displayed. But this also removes many of the visual cues users rely on to confirm the safety of their online location. If a user does click a malicious link on a mobile device, it becomes easier to obfuscate the attack since the Web address bar is not visible.
    • The varied existence of SSL icons on mobile browsers can also contribute to successful exploitation. “If you’re a security expert and you want to see the SSL certificates for a site from your mobile phone browser, it is extremely difficult to find that information — if it’s there at all,” said Traynor. “And if a security expert can’t verify a connection and a certificate, how do we expect the average user to avoid compromise?”
    • Understandably, display security on mobile browsers is not as advanced as the desktop either. The way elements are laid out on a page and the actions that take place when a user touches something are all opportunities to embed an attack

In the past year, we have witnessed cyber attacks of unprecedented sophistication and reach. These attacks demonstrate that malicious actors have the ability to com­promise and control millions of computers that belong to governments, private enterprises and ordinary citizens. If we are going to prevent motivated adversaries from attack­ing our systems, stealing our data and harming our critical infrastructure, the broader community of security research­ers — including academia, the private sector and govern­ment — must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it.

This slideshow features emerging cyber threats for 2012, identified by the Georgia Tech Information Security Center and the Georgia Tech Research

Institute.

More

Slideshows

:

Ten Apple Apps for BusinessApple apps to help increase business productivity.

Top Eight Features in Windows Server 8 Windows Server 8 is a technically sophisticated operating system that is crammed with features that bring many previously enterprise-only capabilities to small and mid-sized businesses.

Seven Points CIOs Must Know About the Board of Directors Seven areas that CIOs must understand and act upon in order to effectively work with the board.