
Risk of malicious modification on e-reader type devices

Fortify: 06 January, 2010 (Technical Article)

Fortify Software is warning of the potential risks from application-specific devices, where software and operating system modifications are relatively easy, leading to vulnerabilities.

Fortify Software, the application vulnerability specialist, has warned that software crackers are likely to continue modifying relatively low-cost specific-application devices, such as e-readers, but that the potential security risks to companies are significant.

The reason, says Richard Kirk, Fortify's European director, is that whilst best practice principles are usually applied to a firmware-driven device, such as an e-reader, in terms of operating system and allied software, all of these principles disappear out of the window when the device is cracked and re-purposed.

Kirk's comments come as the Nook e-book reader, a low-cost device developed by Barnes & Noble last year, has been hacked to fully utilise the Android operating system.

'Although the Nook uses a customised version of the Android operating system, it also supports WiFi and 3G cellular, which means it has connectivity with all manner of systems via the Internet,' he said.

'This is why the e-reader, which has already been cracked to load the Pandora Web-based music service, the Twitter application and a number of Facebook applications, has now been fully cracked to run most Android applications,' he added.

According to Kirk, whilst this is potentially great news for home users of the Nook, it poses a significant security risk for companies interested in using the device for corporate purposes, since there is no way of knowing whether the newly installed software - as well as the operating system cracks - complies with security best practices.

These practices, he explained, include the need for regular security testing to ensure software that is being developed is inherently secure.

The software industry, he says, has been extolling the benefits of secure coding practices - so that developers do not keep introducing vulnerabilities - for many years now, as witnessed by the Fortify 360 initiative.

Most 'home brew' software is excellent from a functional perspective, he went on to say, but rarely complies with software development best practices when it comes to security, which is where the risk of using such cracked devices in a company environment enters the frame.

'You wouldn't expect an IT manager to allow unchecked third-party applications to be loaded onto company desktops, so why allow a modified e-reader into the office environment?' he said.

'The problem facing IT managers is that they have no way of knowing whether a portable device like the Nook has been modified or not, which is why we believe that cracked devices like this pose a potentially serious security risk for companies of all sizes,' he added.