New Mobile Attack Vectors

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 721102

    Comments posted to this topic are about the item New Mobile Attack Vectors

  • Thomas Franz

    Hall of Fame

    Points: 3715

    When I have to send passwords per email, I try to include neither the username nor the app / site that uses the password, and tell the person what it is for per phone / face to face.

    This is still not perfect, since a hacker could add all strange (random) strings that were sent without purpose to a dictionary, but it is better than putting all the info together into one mail.

    PS: I really need a team-feature in KeePass.

    PPS: I read that the (not free) password manager 1Pw will add such a feature soon (currently in beta).

    God is real, unless declared integer.

  • Eric M Russell

    SSC Guru

    Points: 125101

    It's funny how, just within the past few years, 2 billion regular folks around the globe are burdened with the responsibility of being an accidental system administrator for a tiny Linux server in their back pocket. 🙁

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Robert Sterbal

    SSChampion

    Points: 10995

    I would like to see where in the realm of possibilities my thoughts on improving security are:

    Allow a read only login to all my accounts with a different password scheme.

    Provide a user reviewable read only list of logins and attempted logins for all authenticated users of a login scheme.

    412-977-3526 call/text

  • Eric M Russell

    SSC Guru

    Points: 125101

    I have a handful of suggestions for making smart phones more secure.

    First, I understand why Apple and Samsung manufacture their phones in cheap overseas sweatshops; it's all about economics. However, that's all they should be offshoring, just the hardware fabrication. The programming, configuration, and device installation of the software should be done in a more tightly controlled environment, not by some assembly line worker earning $2 an hour.

    Also what I would like to see is a built-in feature within Android and iOS that allows the device owner to deny each application access to specific resources. For example, when installing a new app, we are informed by the OS that the app has requested usage of DeviceID, GPS location, Contacts, etc. This makes sense for something like Google Maps, because of the range of functions that the app must perform. But it doesn't make sense for a Flashlight app or video game. There are some 3rd party utilities that will do this type of granular permission denial, but they actually require one to root their phone and run as Admin, which also makes the phone less secure in general. Also the OS should be designed in such a way that when an app makes a request to a blocked resource, it will gracefully degrade without locking up or crashing.

    Thirdly, conspicuously missing from smart phone operating systems is an owner configurable internet firewall. It's almost as if Apple and Samsung consider spammers and hackers to be strategic business partners. But if I don't want my phone to broadcast my location and web browsing history, then it should be my right to block it.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • benjamin.reyes

    SSCertifiable

    Points: 5249

    Eric M Russell (7/11/2016)


    Also what I would like to see is a built-in feature within Android and iOS that allows the device owner to deny each application access to specific resources. For example, when installing a new app, we are informed by the OS that the app has requested usage of DeviceID, GPS location, Contacts, etc. This makes sense for something like Google Maps, because of the range of functions that the app must perform. But it doesn't make sense for a Flashlight app or video game. There are some 3rd party utilities that will do this type of granular permission denial, but they actually require one to root their phone and run as Admin, which also makes the phone less secure in general. Also the OS should be designed in such a way that when an app makes a request to a blocked resource, it will gracefully degrade without locking up or crashing.

    I dunno what version you're on, but the newest version of Android allows you to deny access based on resource.

    Go to Settings > Apps

    Click on the app in question.

    Then under Permissions there are sliders that allow or deny.
