Security Blog

Your source for information security news and views.

Mobile browser security is a spoof

Posted by Patrick Snyder
Patrick Snyder
Patrick Snyder has not set their biography yet
User is currently offline
on Tuesday, 31 May 2011 in MyBlog

Since when does innovation call for imitation of security? In todays world users demand portability. This involves designing devices and services to operate on much smaller platforms. Which means taking that 15 inch laptop from the office and crushing it down to a 4 inch pocket sized supercomputer, not only that but also taking those web browsers and applications and stripping them down to their minimal aspects to ensure lightweight, simple operation. In the process of stripping down these devices we are leaving out an important aspect, the security.

Although the convenience of having a pocket sized computer seems to trump most of our performance concerns we are actually giving up more than we can afford. Full sized devices offer us many integral features which we now take for granted. These features include security checks and warnings which are key to our safe networking.

For example, while using a standard full sized browser it is clear to see within the URL bar when a user is accessing a secure site. You are generally presented with the SSL security lock, or some other form of green light identifiers which assure you that the page you are currently accessing is encrypting your information and is safe. 

Our strive for mobile simplicity has led us to throw out these security checks and therefore opens the doors to spoofed websites which can potentially present us with false information and fake logins. There are only a handful of users with the knowledge to detect such websites on our mobile devices. We are making the prediction that phishing attacks relate to this type of mobile spoofing will become one of the most abundant threats in the upcoming years to mobile users.

Thankfully many mobile browsers now support SSL and https transmissions, however, that is only when the user chooses to use the securely protected website. Not many custom mobile sites have been designed to handle this type of security yet. Anyone who has accessed a full sized webpage on a mobile device knows how difficult it can be to read small text and press submit buttons. This makes custom built mobile sites the optimal choice for convenience but definitely not for security.

There is work being done to prevent mobile site spoofing. But until this type of security is optimized and becomes the new standard in the industry we will constantly be bombarded with fake login pages and spoofed sites.

On another note our mobile apps could also use a security overhaul. It is only a matter of time before cyber criminals begin implementing malicious app installations by fooling our mobile carriers into thinking their app is good then flipping a switch on a server and transforming the app into one that commits malicious tasks, said Kevin Mahaffey, chief technology officer and founder of mobile security software vendor Lookout.

Innovations in mobile computing and browsing should make no exceptions to the rules of security, no matter how convenient it may be for user performance. Users these days have it all wrong. For those of you demanding power and portability, take a step back and demand your security first!

Patrick Snyder has not set their biography yet

Comments

Please login first in order for you to submit comments