With all the security threats out there, credit card companies are really working hard to make their cards as secure as possible. MasterCard has been working on a new layer of security, which is suppose to be released in the first half of 2 010. You would uses a cell phone to authenticate your online transactions by asking for a password that is sent via SMS or generated on the spot by JAVA application. The goal is to improve the customers’s protection against phishing schemes and man in the middle attacks. It could also make managing your credit card, and sending and receiving payments from your cell phone possible.
Category Archives: Mobile Security
Mobile Security is Compromised over WiFi
A team of researchers have successfully managed a “man-in-the-middle” attack on the security that protects sensitive data being transferred over WiFi networks on four phones, the Nokia N95, Windows HTC tilt, T-mobile G1 Android and Apple Iphone 3GS.
Verizon Wireless Customers, Beware Fake 'balance-checker' e-mail contains a Trojan Virus.
Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a “balance checker” program to review their payments. The e-mail messages, which look like they come from Verizon Wireless, are fakes; the balance checker is actually a malicious Trojan horse program.
Several Smartphones are Exploited with Man in the Middle Attacks
Security researchers have released a paper detailing successful man-in-the-middle attacks against several smartphones. The SSL enabled log in sessions on the tested, Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices was sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi network, now prevalent literally everywhere.
Iphone Hacker Gets Death Threats, Job Offers
The creator of the rickrolling iPhone worm has spoken of possible job offers and death threats since the release of the Jesus Phone malware last weekend.
Ashley Towns, 21, from Wollongong, New South Wales, Australia, told local media he received both threats and offers of possible work a day after he was identified as the creator of what’s been described as the first strain of iPhone malware. The malicious code created by Towns changed the wallpaper of jailbroken iPhone devices it infected to a picture of cheesy ’80s pop star Rick Astley.
Spying Application For The Android Is Released
A well known commercial provider of spyware applications for numerous mobile platforms, has recently ported its Mobile Spy app to the Android mobile OS. Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, available at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.
New Worm Discovered on Jailbroken Iphones
A simple, yet effective, worm is now circulating on some jailbroken iPhones, changing settings on the phones and terminating some services. The worm, which was discovered Sunday, doesn’t appear to be too malicious, but is an indicator of what might lie ahead for owners of iPhones and other smartphones.
The worm, called iKee, infects jailbroken iPhones by utilizing the SSH service on the phones, which uses the default password and allows remote logins. The worm takes several actions after infecting a phone, including changing the phone’s background image to a photo of Rick Astley, shutting off the SSH service and then copying itself to the iPhone. The iKee worm also scans the available 3G network for a specific set of IP addresses, which an analysis by the SANS Internet Storm Center shows all belong to 3G customers in Australia.
iKee C code screenshot
There was a somewhat similar worm that surfaced last week, attacking iPhone users in the Netherlands and demanding a small payment in order to disinfect the iPhone.
Jailbroken iPhones give the owner the ability to run applications that have not been approved by Apple, which has kept a tight watch on what apps can run on the iPhone through its App Store. Only apps that have been approved Apple can be added to the App Store, which has both free and paid apps. But there are thousands of unapproved apps available, as well, and owners who have jailbroken their iPhones can run those if they’re willing to accept the risk of malware or other undesirable features.
Security experts have said that malware targeting the iPhone, one of the more popular handsets in the world right now, was a matter of when, not if, and the appearance of iKee and the Netherlands Trojan are just the first examples of this. The iPhone is one of the more advanced mobile platforms, including a full Web browser and a slew of other features that give it the power of a desktop PC. But with that power also comes an increased attack surface area and more features to exploit.
Security researchers have demonstrated a number of attacks against the iPhone, including SMS-based attacks and others that exploit the iPhone’s Safari browser implementation.
*Image from The SANS ISC.