Mocana's Weekly News Roundup, Ed 6
This week's Roundup contains a slew of new hacks that have occurred in Android devices through browsers and even smart refrigerators. We talk frequently on this blog about the Internet of Things (IoT) and the rapidly accelerated connectivity of devices-- but this also comes with risks.
Private information and corporate data can be exposed, leaving your company's information unprotected.
Although mobile devices aren't the primary route for data breaches, many breaches come from mobile application misconfigurations according to Verizon.
The key is training employees to understand how to avoid mobile breaches or recognize suspicious installation prompts and other interceptions of data that can occur.
To learn more about the recent reports on Android devices and browser issues, keep on reading below:
It would appear the future is now-- Microsoft's development of the HoloLens may not be a consumer tool, but it does open up a myriad of possibilities for engineers, architects and engineers as the article suggests. While it is not a mobile tool at the moment, there is a possibility that it can with time if it "gets smaller and looks more like a regular pair of eyeglasses."
We are far from a perfect system, and the rapid growth and use of smartphones has "forced IT and security professionals to completely rethink how mobile devices and data are managed." There are currently over 30,000 different Android versions in the world right now, and this can be difficult "for IT admins to configure devices correctly." As this article from CSO suggests, the focus needs to be securing data and not "locking devices down," which can impair usability.
This article explores some very interesting pros and cons of the update to Android Lollipop called smart lock, which allows you to "bypass your lock screen" if it is "on body." Google has succeeded in terms of making mobility very user-friendly, but at the cost of security. Ensuring security on your device should always be of the utmost importance; unfortunately, many user just want the easiest route, and it can cause you to "fall victim to the loss of sensitive data."
There has been continued research from Pen Test Partners to test IoT security and hacking of devices. Recently at a DEF CON hacking conference, Pen Test Partners discovered a "potential way to steal users' Gmail credentials from a Samsung smart fridge." While it is unconfirmed, the MiTM (man-in-the-middle) attack stems from a failure of the fridge to validate the certificate to the SSL. Samsung is currently "investigating into this matter as quickly as possible."
This article from SC Magazine shows Android browsers Dolphin and Mercury, both with over 100 million downloads, have security flaws that could "allow hackers to perform remote code execution." Security researcher, going by the nickname Rotlogix, details the risks. Others quoted in the post advise to use "widely recognised software," and to not trust less popular applications.
We value your input as a reader; let us know your thoughts in the comments here or tweet us @mocana.