Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Fortify says MiFi security weakness highlights need for code auditing

January 2010 by Fortify Software

News reports that the GPS-enabled Wireless MiFi unit can be persuaded to reveal its position across the internet - without the user being aware of the information leak (http://bit.ly/8tZcKF) - highlights the fact that manufacturers are cutting corners and failing to code audit products before they ship, says Fortify Software.

"As our colleagues at EvilPacket have discovered, the unit’s integral GPS interface can be hacked in such a way that a MiFi user visiting a malicious Web site can have their geographic location and passphrase revealed without their permission," said Richard Kirk, European director with the application vulnerability specialist.

"This is symptomatic of a product that has shipped before the designers have thought through the possible security issues with their product, and failed to test the security of the device’s software at all stages of its development," he added.

According to Kirk, regular security testing of the code as part of a development process ensures software that is being developed is inherently secure.

In other words, he explained, this approach `builds security into’ the device - as opposed to attempting to add it after the device has been designed as is what will happen in this situation.

This approach, the Fortify European director went on to say, is not only more cost-effective, but also results in applications that are much more secure because security was considered at every step of the development process.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts