Georgia Tech Highlights Growing Smartphone Access to Transactional Apps Issue

By Peter Bernstein December 05, 2012

We all are or should be aware of the fact that if you use your PC, tablet or smartphone to access transactional sites over public Wi-Fi links you are doing so at considerable risk. The bad guys know how to pick your critical data. That said, according to new research from Georgia Tech, it is not just public Wi-Fi access that ought to give you pause.

Under the leadership of Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science, a team of researchers looked into the security of mobile browsers and found cause for concern.


Image via Shutterstock

So how safe are you?

The answer to the above is, “Unsafe enough that even cyber-security experts are unable to detect when their smartphone browsers have landed on potentially dangerous websites.” OMG!

What the researchers found was that, “In one critical area that informs user decisions—the incorporation of tiny graphical indicators in a browser’s URL field—all of the leading mobile browsers fail to meet security guidelines recommended by the World Wide Web Consortium (W3C) for browser safety, leaving even expert users with no way to determine if the websites they visit are real or imposter sites phishing for personal data.”

Traynor noted that, “We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States...The basic question we asked was, ‘Does this browser provide enough information for even an information-security expert to determine security standing?’ With all 10 of the leading browsers on the market today, the answer was no.”

The study finds at issue the graphic icons for either SSL (“secure sockets layer”) or TLS (“transport layer security”) indicators. It says that the W3C has issued specific recommendations for how SSL indicators should be built into a browser’s user interface in mobile browsers, but “inconsistently at best and often not at all,” following the guidelines, which is not the case with desktop browsers.

As the posting on the finding also notes, Traynor feels the lack of following best practices to protect users may be the result of the small amount of real estate on the small screens. However, he cautions that given that mobile devices are emerging as our primary communications device, and increasingly for performing transactions, they are going to become even bigger targets for cyber-criminals unless the browsers are made more secure.

The lesson here is summed up by team member Chaitrali Amrutkar, a Ph.D. student in the School of Computer Science and principal author of the paper: “Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers...Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help.”




Edited by Brooke Neuman
SHARE THIS ARTICLE
Related Articles

Verizon Needs Tough Love on Copper Policies

By: Doug Mohney    1/29/2015

New regulation on broadband and telecommunications providers is at top of mind here at ITEXPO. Jeff Pulver, founder and chief executive of pulver.com …

Read More

OTT Video Set to Top $6 Billion in 2019

By: Tara Seals    1/29/2015

When it comes to over-the-top (OTT) video, it has grown not only in developed regions but also in emerging markets, both as an alternative and complem…

Read More

Digium CEO: Businesses at Every Level Can Get Started with UCaaS

By: Allison Boccamazzo    1/29/2015

Digium CEO Danny Windham made one thing clear during his keynote presentation at ITEXPO 2015: Businesses of all kinds, at every developmental level, c…

Read More

When Gaming Isn't a Game: 3 Best Practices to Protect Your Hosting Service Against DDoS Attacks

By: Joe Eskew    1/28/2015

The unprecedented number of security breaches, hacks and DDoS attacks on gaming communities, software manufacturers and even Hollywood studios grew to…

Read More

No Hackers Took Down Facebook; Hour's Outage Mostly Internal

By: Steve Anderson    1/28/2015

Facebook released a statement not long after the outage had hit, revealing that the cause of the shutdown was not "...the result of a third-party atta…

Read More