
Secure Code Development Necessity for Smartphone Apps

Fortify : 12 March, 2010  (Technical Article)
Warning from Fortify focuses on the proliferation of smartphone applications and the need for secure code development practices to be applied to them to prevent serious data security vulnerabilities from arising.
Fortify Software has warned that developers of applications (apps) for smartphones such as the Apple iPhone and Google Android must embrace the principles of secure code development, otherwise the integrity of users' mobile phone data could be seriously at risk.

The warning from the software security authority comes after researchers at Rutgers University in the US developed a proof-of-concept rootkit capable of compromising most aspects of a smartphone.

'The researchers have developed a full-blown hacker code methodology that allows all the features of a smartphone - including its microphone, global positioning system and even the battery - to be totally and utterly turned over to a hacker's control,' said Richard Kirk, Fortify's European director.

'And just like a compromised desktop PC, all the operations of the hacked smartphone can be used for all manner of hacking purposes, including data theft, Botnet swarming, distributed denial of service attacks and even remote automated mass hacking of critical national IT systems infrastructures,' he added.

According to Kirk, whilst rootkits have been known about since the 1990s, secure code development strategies have evolved to ensure that desktop systems software cannot normally be compromised by this type of hackery.

But smartphone code developers, owing to the relative youth of their industry, have had no similar pressures imposed on them, as smartphones have always been viewed as a less powerful computing option.

All that changes, he explained, with the evolution of rootkits for smartphones, as it means that hackers can assume control over a handset that is every bit as powerful as a computer of just a decade ago.

Fortify general manager Kirk argues that, just as PCs of the early 2000s could cause havoc on the Internet, so too do infected smartphones pose an equally serious security threat.

Kirk says that, using the rootkit, the Rutgers scientists have been able to remotely turn on the smartphone's microphone and so eavesdrop on nearby conversations.

And, he noted, since the rootkit can also send a phone's location back to remote hackers, this GPS information can be used to remotely track a handset almost anywhere there is cellular or WiFi coverage.

'As the Rutgers University scientists say - 'as the population of mobile devices increases, there will be an increasing interest in attacking these devices' - this means there is a rising security risk from operating system-driven smartphones,' he said.

'With hundreds of millions of these devices in active usage and the majority of them wirelessly connected, you can see the potential scale of the problem. Code developers must wake up to this pressing security issue and adopt secure code development practices, such as regular security testing, at the earliest available opportunity,' Kirk added.