Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Trusteer warns of growing security crisis for mobile networks

November 2010 by Trusteer

A report just published - which identifies mobile networks as having a number of key security vulnerabilities that must be addressed - has been welcomed by Secure Browsing Service specialist Trusteer.

Trusteer, whose secure browsing service is offered by a number of banks, says that the Heavy Reading report is quite correct in identifying a potential problem with the security of mobile networks, for the simple reason that the wireless nature of the cellular networks makes them more susceptible to criminal attack.

“If anything, our research suggests that the report understates the security risk that the last mile of the cellular-delivered mobile Internet now represents, as A5/1 – the main GSM encryption algorithm – was cracked in a practical attack late last year by Karsten Nohl (http://bbc.in/f8n4rP),” said Amit Klein, Trusteer’s chief technology officer.

“Put simply, this means that, with sufficient equipment and CPU power, we believe that a cybercriminal can now mount a practical eavesdropping or Web browser injection attack on a cellular delivered Internet connection,” he added.

According to Klein, whilst a WiFi-based Internet connection can be said to be less secure than a desktop link, on the basis that the wireless signal can be intercepted and/or eavesdropped in some way, its range is relatively short before it hits the landline networks.

With the cellular mobile Internet, however, the signal can reach for several miles, and is therefore a lot more vulnerable to electronic trickery, he explained.

The Trusteer CTO went on to say that Heavy Reading’s report reinforces his research team’s observations, since it adds the very real prospect of criminal tampering with the network infrastructure to the mix.

So far, he says, the industry has not seen any proven cases of network infrastructure tampering or Web browser injections, but the possibility grows stronger by the day, especially given the steady march of the mobile Internet.

With mobile dongles and MiFi units now becoming more and more popular - largely owing to their considerable flexibility and the fact that the technology also frees users from the `line rental tax’ that almost also telcos impose on their broadband users – Klein says that more and more Web traffic is being carried the last mile by cellular means.

With the GSM Association having reported the number of high-speed mobile broadband connections have topped the 150 million mark around the world in the summer of last year (http://bit.ly/oaKPx), it can be seen that cellular infrastructure - because of its wireless nature - now poses an IT security risk that many users overlook.

This, says Klein, is what makes this report so timely, and reinforces previous warnings about the mobile Internet security threat that few experts have even considered as a possibility.

Add in the fact that mobile Internet connections are highly transient, with dynamic IP addresses that are used and re-used on a cyclic basis, and you begin to see the nature of the problem, he noted.

"Until the hardware vendors and networks address the issue, perhaps with the assistance of IT security software vendors as well, it’s clear that mobile Internet connections need to be considered less safe than their landline equivalents," he said.

That isn’t to say the problem isn’t surmountable, as users of online financial services should employ any and all security measures available to them - such as installing in-browser security such as Trusteer Rapport - in addition to their existing IT security measures,” he added.

“Add in some serious commonsense when using mobile Internet connections, and your online session should be safe, despite the underlying insecurities in cellular encryption and the network infrastructures."


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts