Expert: As smartphones become wallets, pickpockets circle

By , CSO |  Mobile & Wireless, mobile payments, mobile wallet

Smart phone users have two things to worry about. First, the devices are loaded with the same old-school vulnerabilities that plagued PCs a decade ago. Second, those flaws are going to make it easy for online thieves to pick your pocket as the phone becomes more like a wallet.

That day is coming fast, according to eEye co-founder and CTO Marc Maiffret.

"We haven't seen many smart phone attacks yet, because it's still much easier to break into a desktop," Maiffret said. "But that's going to shift because smart phones are becoming increasingly like a wallet, with applications that support banking right on the device. More sensitive data will be on the phone, making it much more worthwhile for attackers."

Compounding the problem is that smart phone makers are repeating the old mistakes made by computer manufacturers more than a decade ago. Specifically, in the rush to bring new technology to market, developers are overlooking security. The secure development lifecycle you've heard about doesn't apply to smart phones -- yet.

"One of the very last iPhone jailbreak tools that came out was going to a website that loaded .pdfs that caused code execution," Maiffret said."It's the classic-style attack we've see in Windows environments for years."

MORE ABOUT SMART PHONE SECURITY

And with the smart phone market becoming extremely cut-throat -- with Apple, RIM and Android racing for market share -- the danger will only grow, Maiffret said, adding that "There isn't a single smart phone developer out there saying that what they're working on will be two months late because they have to work security in. I promise you that."

Maiffret isn't the first security researcher to make this observation, of course. During the SecTor security conference in Toronto two months ago, Intrepidus Group researchers Zach Lanier and Mike Zusman gave a presentation highlighting all the old flaws plaguing smart phones.


Originally published on CSO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness