Unsecured Apple, Android Smartphones Are Major Security Threats

The situation with Android is even worse. “You may have devices born with malware,” Weidman said. And then she described a new means of attacking what’s normally a secure Android device.

She said that Google has added a new feature that allows a company to post a Quick Response code in a common area as a way to set a secure profile for things like the company WiFi.

Unfortunately, anyone can create a QR code and post it and the code can just as easily be one that leads to a malware infection or a phishing attack.

Trump security

Both Google and Apple have made a big deal out of their end to end encryption. Apple’s is so effective that the FBI had to call in an outside contractor to gain access to the contents of an iPhone used by one of the San Bernardino terrorists. But Weidman said that the problem with end-to-end encryption is that it doesn’t allow checking by antivirus software. “It’s the universal bypass,” she said.

The obvious question this raises is what to do about your mobile devices. Unfortunately, the times are such that parting employees from their mobile phones is no an option. The answer is to test your organization’s susceptibility to penetration methods, both the ones that attack directly and the methods that depend on your staff making a mistake.

Penetration testing tools such as the ones from Shevirah can do both, by directly testing the vulnerability to direct attacks and testing the vulnerability of your employees.

But you can’t just depend on tools such as those that Weidman has developed. Your organization has to take the next step as well. That means doing boring things like training your staff on a continuing basis, setting up procedures for both reducing your vulnerability and improving your reporting of potential breaches so they can be stopped before they do damage.

But most of all, you can’t assume that your mobile device is somehow immune to security attacks just because the contents are encrypted. It’s crucial that you acknowledge the vulnerabilities of your organization and take constant steps to keep them from being exploited.

Originally published on eWeek

Quiz: What do you know about Trump and tech?

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

1 day ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

1 day ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

2 days ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

2 days ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

2 days ago