Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Code audits required to close out GPS MiFi weakness

Fortify : 25 January, 2010  (Technical Article)
Internet revelations of GPS wireless positions indicate a flaw in code that has been exploited and needs avoiding with more careful code auditing, according to Fortify
News reports that the GPS-enabled Wireless MiFi unit can be persuaded to reveal its position across the internet - without the user being aware of the information leak highlights the fact that manufacturers are cutting corners and failing to code audit products before they ship, says Fortify Software.

'As our colleagues at EvilPacket have discovered, the unit's integral GPS interface can be hacked in such a way that a MiFi user visiting a malicious Web site can have their geographic location and passphrase revealed without their permission,' said Richard Kirk, European director with the application vulnerability specialist.

'This is symptomatic of a product that has shipped before the designers have thought through the possible security issues with their product, and failed to test the security of the device's software at all stages of its development,' he added.

According to Kirk, regular security testing of the code as part of a development process ensures software that is being developed is inherently secure.

In other words, he explained, this approach `builds security into' the device - as opposed to attempting to add it after the device has been designed as is what will happen in this situation.

This approach, the Fortify European director went on to say, is not only more cost-effective, but also results in applications that are much more secure because security was considered at every step of the development process.

'This isn't singling out the manufacturer of the affected MiFi unit for specific criticism. The failure to test the security of device software at all stages in their development is a common issue amongst technology products - the days of breadboarding up a device and then manufacturing it without a security test of the software have long gone,' he said.

'That approach to technology product development may have applied in the early days of computing - as seen by BBC TV's Micro Men recently but technology has moved on, so IT systems designers now owe it themselves, as well as their customers, to test the security of their software at all stages of product development,' he added.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo