Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Fortify Warns Of Risks Of Jailbreaking Smartphones

Fortify : 08 July, 2010  (Technical Article)
Jailbreaking smartphones to open the networks also provides a route in for hackers and malicious applications warns Fortify
Fortify Software has warned iPhone owners - and smartphone users in general - to think carefully before installing cracked software on their handsets.

The warning comes after a iPhone jailbreaking group called Comex claims to have developed Frash, an unauthorised version of Adobe's Flash player that runs on the Apple iPad, and is now being ported to the increasingly popular iPhone 4.

'Jailbreaking refers to the act of cracking a vendor's smartphone operating system to allow it to work with almost any mobile network and, as you might imagine, it's frowned upon by the cellular carriers as it drives a steamroller through their handset subsidy schemes,' said Barmak Meftah, Fortify's chief products officer.

'Whilst Frash may look attractive to iPhone 4 and 3GS users wanting to surf to extra Web sites, the reality is that to install this software, users will have to jailbreak their handsets, so allowing the loading of apps from almost any source,' he added.

And as Fortify has said many times, whilst Apple monitors the iTunes store closely for rogue apps, the same is not true for open source and third-party iPhone apps, which can be tampered with by hackers and then offered for free download.

Everyone, he explained, loves free software for their mobile phone and, as a result, the normal guard that people have when viewing Web sites promising free software for their desktop or laptop computer tends to be lowered when it comes to their iPhone - or any other smartphone, come to that.

'There is an interesting article in the Sunday edition of the Los Angeles Times which says that hackers can learn a lot from a users' mobile phone number using relatively low level hacking techniques,' noted Meftah.

The most interesting comment in the piece, however, comes from a security researcher quoted in the paper as having developed a `nasty little application' called TXSBBSPY.

The program, says Fortify's chief products officer, turns a users' Blackberry into a remote surveillance station, with the smartphone owner as the target.

As the researcher says in the feature, the app allows the remote user to read text messages on the Blackberry, listen to voicemails and also turn the handset into a remote eavesdropping device.

'In the LA Times feature, the researcher - Tyler Shields - says that we're still living in the late 1990s when it comes to security on handsets, adding that the situation is similar to days before people knew to put antivirus software or firewalls on their computers,' he said.

'And it's against this backdrop that we urge smartphone users to think very carefully before downloading an app for their handset from an untried or unknown source, no matter how attractive the free app looks,' he added.

'You wouldn't be so silly to download a `free version' of MS-Office from a Ukrainian Web site to your desktop PC, so why do the same for your smartphone? Think before you click and download.'
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo