Monthly Research Update

Experton Group Weekly IT News

Open Wireless Phones Potential Security Risk; New Web Browser Tightens Security

By: Jerald Murphy

Security researchers recently concluded that open phones are more vulnerable to security attacks than other mobile phones. In other news, hackers attacked the Web site of the Large Hadron Collider, while Google, Inc. announced patches to its beta version of its new Web browser.

Focal Points:

• Security researchers recently warned of vulnerabilities that exist in mobile phones developed based on open standards. While the current state of the mobile phone market represents numerous vendors with highly fragmented development environments, its fragmentation has to some extent ensured some level of security through obscurity. New open efforts, such as Apple Inc.'s iPhone software development kit (SDK) and Google's Android platform present an opportunity for more ubiquitous development, but also more opportunities for hackers to exploit known development platforms. A panel of security experts at the recent CTIA Wireless IT and Entertainment Show concluded that a major attack through these open platforms would likely occur in the next 18 months. Open standards, coupled with increasing bandwidth available to wireless networks will work together to facilitate exploiting future mobile networks and applications. One expected future attack is "Snoopware", which is spyware that could activate a microphone or camera without the user knowing, to spy on calls, call logs, and text messages.
• Hackers were able to infiltrate and deface one of the Web sites used for the Large Hadron Collider (LHC). This came on the heels of many extremist threats to LHC against activating the super collider. The attack occurred two days before the main operational tests were performed. The site was defaced with a message, but no malicious files were inserted onto any project computers. The attacked site is now only available for access to the European Organization for Nuclear Research (CERN) users.
• Officials from Google recently issued patches for its new Web browser, Chrome, only days after the browser itself was released. The patch focuses on shoring up multiple security vulnerabilities that were publicly reported the same day the beta version of the browser was launched. The initial beta version had a buffer overflow bug that could let hackers hijack vulnerable computers. The flaw could be triggered when users attempt to use the "save page as" command with a very long name. Google developers released a patch for this vulnerability immediately. The released patch also fixes a JavaScript problem affecting Facebook, as well as other confirmed security vulnerabilities.

Experton Group believes mobile wireless security will be exploited rapidly. However, unlike early Web and PC attacks that were initially very public, Experton Group expects mobile security exploits to be much more covert, with organized crime focusing on stealing user information surreptitiously for profit.  IT executives should understand future mobile wireless security risks, and disable mobile features not explicitly needed for business.