Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Security Vulnerability Report For Mobile Networks

Trusteer : 24 November, 2010  (Technical Article)
Trusteer reports on the vulnerability of mobile networks to some key vulnerabilities that require addressing
A report just published - which identifies mobile networks as having a number of key security vulnerabilities that must be addressed - has been welcomed by Secure Browsing Service specialist Trusteer.

Trusteer, whose secure browsing service is offered by a number of banks, says that the Heavy Reading report is quite correct in identifying a potential problem with the security of mobile networks, for the simple reason that the wireless nature of the cellular networks makes them more susceptible to criminal attack.

"If anything, our research suggests that the report understates the security risk that the last mile of the cellular-delivered mobile Internet now represents, as A5/1 - the main GSM encryption algorithm - was cracked in a practical attack late last year by Karsten Nohl," said Amit Klein, Trusteer's chief technology officer.

"Put simply, this means that, with sufficient equipment and CPU power, we believe that a cybercriminal can now mount a practical eavesdropping or Web browser injection attack on a cellular delivered Internet connection," he added.

According to Klein, whilst a WiFi-based Internet connection can be said to be less secure than a desktop link, on the basis that the wireless signal can be intercepted and/or eavesdropped in some way, its range is relatively short before it hits the landline networks.

With the cellular mobile Internet, however, the signal can reach for several miles, and is therefore a lot more vulnerable to electronic trickery, he explained.

The Trusteer CTO went on to say that Heavy Reading's report reinforces his research team's observations, since it adds the very real prospect of criminal tampering with the network infrastructure to the mix.

So far, he says, the industry has not seen any proven cases of network infrastructure tampering or Web browser injections, but the possibility grows stronger by the day, especially given the steady march of the mobile Internet.

With mobile dongles and MiFi units now becoming more and more popular - largely owing to their considerable flexibility and the fact that the technology also frees users from the `line rental tax' that almost also telcos impose on their broadband users - Klein says that more and more Web traffic is being carried the last mile by cellular means.

With the GSM Association having reported the number of high-speed mobile broadband connections have topped the 150 million mark around the world in the summer of last year, it can be seen that cellular infrastructure - because of its wireless nature - now poses an IT security risk that many users overlook.

This, says Klein, is what makes this report so timely, and reinforces previous warnings about the mobile Internet security threat that few experts have even considered as a possibility.

Add in the fact that mobile Internet connections are highly transient, with dynamic IP addresses that are used and re-used on a cyclic basis, and you begin to see the nature of the problem, he noted.

'Until the hardware vendors and networks address the issue, perhaps with the assistance of IT security software vendors as well, it's clear that mobile Internet connections need to be considered less safe than their landline equivalents,' he said.

That isn't to say the problem isn't surmountable, as users of online financial services should employ any and all security measures available to them - such as installing in-browser security such as Trusteer Rapport - in addition to their existing IT security measures," he added.

"Add in some serious commonsense when using mobile Internet connections, and your online session should be safe, despite the underlying insecurities in cellular encryption and the network infrastructures.'
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo