Thursday, 17 May 2012
Phone apps expose sensitive data
Phone apps expose sensitive data
By Megan Geuss, PC World (US) | Aug 10, 2011
1 comments
Digg
PrintSome popular apps store sensitive data such as user names and passwords and credit card information in plain text on your phone's memory, making the data an easy target for hackers. A Chicago-based mobile forensics company called viaForensics recently found as much after completing an audit of dozens of the most popular apps on both iOS and Android platforms.
Some of the biggest-name apps--such as Android Mail for Exchange and Hotmail, Foursquare, and Groupon--stored the user's passcode and portions of the information that the user accessed through the app, in clear text on the phone's memory for versions of the apps released around the beginning of 2011.
If a criminal had physical access to your phone, it wouldn't be very hard to find all that data and use it to commit identity theft; even remote access to your phone to harvest cached data is now becoming possible--the increase in mobile malware on Android phones and jailbroken iOS phones means that insecurities are more exploitable than ever.
You put a lot of information on your smartphone, mostly through apps that promise a standard of security and require usernames and passwords to access your personal data, at least on the initial setup of the application. But many of those apps unnecessarily store that information on the phone when they don't have to, and they don't encrypt all of their information when they do have to store the information offline.
Earlier this year, everyone was shocked that iPhones were storing their location data in an unencrypted file on the phone's internal memory. But a history of location data seems like small fry compared with storing a password (considering that most people reuse their passwords for multiple accounts) or credit card numbers, or messages you've sent to your boss on the phone's memory. Because phones are easily stolen, and Android phones especially have seen an increase in malicious apps (currently 2.5 times more common than they were six months ago, according to Lookout Mobile Security), storage of your private details shouldn't be taken lightly.
Similar
Add comment
knowledge_central_tab
Knowledge Central
Trusted Mobility Index
The mobile ecosystem of devices, services and networks is at a critical inflection point.While the mobile revolution is unleashing massive opportunities in both emerging and mature economies, it is also increasing in complexity and confusion. The reality is the lightning-fast adoption of powerful, smart devices is outpacing society’s ability to secure them. Today, trust in mobility hangs in the balance.
The state of the Internet, Q4, 2011
Geography appears to play a role in frequency of observed attacks on specific ports. For example, Port 23 (Telnet) is a favorite target for attacks observed to be originating from South Korea and Turkey, where it accounted for more than five times the number of attacks targeting the next most popular port (445 in both countries). Other instances of geography-based port targeting include observed attacks centered on Port 1433 (Microsoft SQL Server) in China and on Port 80 (WWW/HTTP) in Indonesia.
HID Global deploys a centralized, web-based IP access control solution at Fuxi Power Plant
Unable to meet the needs for real-time monitoring with its traditional patrol system, China's Fuxi Power Plant has deployed HID Global's VertX V2000.
StubHub: How to spot fraud before it happens
Whenever a list of log-on credentials is dumped onto the Web, retailers get hit with waves of automated attacks. Here's how ticket marketplace StubHub fights the threat.
Phones are good for text
Phones are good for text marketing but I wouldn't store such precious information on my cell such mail accounts and credit card numbers. That is simply dangerous for your financial status.