Digital Wallets in the Crosshairs

May 15th, 2015 | Uncategorized

Digital wallets have been a hot topic for us lately. Their use is growing and, as with all things in cyber security, online criminals always follow the money. Kaspersky Labs said it best:

“Enthusiasm over this new payment platform (Apple Pay) is going to drive adoption through the roof and that inevitably attracts many cyber criminals looking to reap the rewards of these transactions.”

This “follow the money” mentality was exhibited this week after news came to light of a brute force attack against individual Starbucks mobile wallet accounts. Thieves have been taking advantage of two things to hack into Starbucks app accounts: consumers’ bad password habits and the ability to try different passwords on the Starbucks app without being locked out. Thieves have been purchasing email addresses and passwords on the underground black market and then using programs to try out these passwords on high-value sites like the Starbucks app. These programs can try hundreds of login combinations in a matter of seconds, and they only need one consumer who has reused credentials to cash in.
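The missing control described above (unlimited password attempts) can be sketched as a sliding-window guard that limits failed logins per account and per source address, replayed here over a constructed log. This is an added example, not code from the original post or from Starbucks; the thresholds, the class and function names, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

WINDOW = 60                   # assumed policy: seconds of history considered
MAX_FAILS_PER_ACCOUNT = 5     # assumed: failed logins before an account locks
MAX_ACCOUNTS_PER_SOURCE = 10  # assumed: distinct accounts one source may fail on

class LoginGuard:
    """Sliding-window limits on failed logins, per account and per source."""
    def __init__(self):
        self.by_account = defaultdict(deque)  # account -> (ts, source) failures
        self.by_source = defaultdict(deque)   # source  -> (ts, account) failures

    @staticmethod
    def _recent(q, now):
        while q and now - q[0][0] >= WINDOW:  # drop failures older than WINDOW
            q.popleft()
        return q

    def check(self, now, source, account):  # run before verifying the password
        if len(self._recent(self.by_account[account], now)) >= MAX_FAILS_PER_ACCOUNT:
            return "account_locked"   # many passwords tried on one account
        tried = {a for _, a in self._recent(self.by_source[source], now)}
        if len(tried | {account}) > MAX_ACCOUNTS_PER_SOURCE:
            return "source_blocked"   # one source walking a list of accounts
        return "ok"

    def record_failure(self, now, source, account):
        self.by_account[account].append((now, source))
        self.by_source[source].append((now, account))

def replay(events):  # events: (timestamp, source, account, password_correct)
    guard, outcomes = LoginGuard(), []
    for ts, source, account, password_correct in events:
        verdict = guard.check(ts, source, account)
        if verdict == "ok" and not password_correct:
            guard.record_failure(ts, source, account)
            verdict = "bad_password"
        outcomes.append(verdict)
    return outcomes

# Constructed sample log (documentation IP ranges, example.com accounts).
EVENTS = (
    # One source tries 12 accounts in about a second; the last password is a reused one.
    [(i * 0.1, "203.0.113.5", f"user{i}@example.com", i == 11) for i in range(12)]
    # Another source guesses 7 passwords against a single account.
    + [(20 + i, "198.51.100.7", "owner@example.com", False) for i in range(7)]
    # The real owner signs in after the window has passed.
    + [(200, "192.0.2.10", "owner@example.com", True)]
)
```

`replay(EVENTS)` returns one verdict per attempt; the source walking the account list is blocked before it reaches the reused password. A hard per-account lock can itself be used to keep the real owner out, so it is commonly paired with delays or a second factor.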

We saw a similar process happen to Jomoco – a fictitious small business we created to see just how quickly a small business can be brought down by hackers. Fictional Jomoco employee, Rachel, was guilty of reusing email addresses and passwords across multiple accounts. When we leaked her email address and password for her personal email account on the online black market, one of the first things the hackers did was try it out on other sites. They quickly discovered that they could also access her business email account, which happened to host sensitive business information. Long story short, Jomoco was compromised in every way possible in less than an hour – all because Rachel reused passwords. You can read more about Jomoco on our website.

If you use a mobile wallet – whether it’s the Starbucks app or Apple Pay – always use a unique, secure password and turn on two-factor authentication if it is offered. Similar to how we saw a rise in POS breaches in 2013 and 2014, we fully expect to see a growing number of incidents and breaches involving mobile wallets in 2015, especially as consumers and businesses continue to figure out best security practices for this new technology.

Are you hesitant to use digital wallets? How do you combat reusing passwords across multiple sites? Let us know what you think on Facebook, Twitter and LinkedIn!

News Recap: Mobile Security at Black Hat Conference

August 1st, 2014 | Uncategorized

Mobile security will be a major focus during next week’s Black Hat Security Conference in Las Vegas. During the conference, Mathew Solnik, a 20-year-old security consultant at Accuvant, Inc., along with several others, will be presenting their mobile hacking techniques.

According to Danny Yadron of The Wall Street Journal, Solnik and his associates “can take over a smartphone from 30 feet away without alerting the user or the phone company. Then, he can turn the phone into a live microphone, browse its contacts or read its text messages.” Why would a hacker want to do this?

“Smartphones are constantly connected to the Internet, infrequently updated and are challenging to secure,” Solnik explains. “They’re rich targets, recording pictures, names of associates and conversations.”

While all mobile devices have security threats, Android devices tend to be at higher risk for attacks from cyber criminals. In fact, this week, Tereza Pultarova of Engineering and Technology Times reported on a particular cyber threat facing Google’s Android mobile devices, drawing on a survey of smartphone user behavior. According to Pultarova, “Sensitive financial and personal information of Android smartphone users could have been accessed by hackers since 2010 due to a previously unknown vulnerability.” Pultarova further reports that the “vulnerability allowed attackers to use malicious software to mimic other, legal apps, thus gaining access to data stored in smartphones without having to request the user’s consent.”

Google quickly offered a patch for the vulnerability, but “a survey of behavior of smartphone users, compiled by mobile phone comparison site TigerMobiles.com, revealed that not only do users not install security software, most of them don’t even have measures in place to protect unauthorized access to the information stored in their gadgets in the case of theft.”

What sort of security measures do phone manufacturers and network providers need to take to protect against these threats? How can consumers protect their information on their mobile devices? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

For more information on mobile security check out our whitepaper, When Good Technology Goes Bad: Evolution of Mobile Technology.

Mobile Security Infestation: Protecting Yourself and Your Mobile Device

July 28th, 2014 | Uncategorized

This guest blog post comes to you from Ivan Serrano, a technology, business and social media writer and infographic specialist from San Jose, California. In his free time, Ivan loves marveling at the wonders of modern technology and gets wound up in his photography in San Francisco.

We’re all aware of the dangers of hackers when delving into the depths of the Internet on our computers, but as the ever-expanding mobile community also dives deeper into the Internet, we have to worry about the health of our mobile devices as well. The problem with this mobile infestation is that, along with mobile Internet connectivity, it is relatively new. Most people are still under the illusion that nothing bad can happen to a phone other than physically damaging it, and it’s not their fault; no one really knows what to look for.

Third-party app stores can contain malicious apps, unsecured WiFi hotspots can lead to identity theft, and in BYOD businesses, the devices are often insecure. With more businesses and individuals relying on mobile phones to store data and do business, this poses quite a large security problem. Thankfully, these security breaches haven’t gone unnoticed. There are numerous ways to keep your mobile device secure, and more are being developed all the time.

What’s out there and how can we deal with it? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Mobile Apps: Protect Your Children’s Privacy and Identity

December 12th, 2012 | Uncategorized

This week the FTC released an alarming report on mobile apps, announcing that hundreds of popular smartphone and tablet apps aimed at children are collecting personal data and sharing it without proper disclosure to parents. Of the 400 apps surveyed from Apple’s App Store and the Google Play Store for Android, 60 percent sent the devices’ ID to third parties such as ad networks and analytics companies. Some of these ad networks are even storing this ID with more sensitive data such as email addresses and passwords.

This report has sparked a larger discussion among parents and industry professionals on how to combat these privacy and security concerns. Some of these apps are encouraging children to share personal information on social networking sites without providing any privacy notices. This topic highlights the importance of another issue – monitoring your child’s identity to protect them from the risk of identity theft. Below we’ve suggested some ways to equip your child with the proper tools to protect their identity when using a mobile device.

Educate

A recent study found that 72 percent of the 100 top-selling education apps in Apple’s App Store were aimed at preschoolers and those in elementary school. Kids are being equipped with technology from a very early age. Parents need to have an honest discussion with their children about cybersecurity and the risks involved when providing personal information via an app to a social media site or the app itself.

Secure

To protect your child’s device, install a security app like Lookout. This will help protect them from downloading a bad app or visiting a malicious website. In addition, security apps can show you which apps can access your location and personal data.

Authenticate

The final measure of defense in protecting your child’s personal data is to use a strong password. A weak password (or no password) provides cybercriminals with the breadcrumbs necessary to access your personal data. Practice strong password habits by creating alphanumeric passwords with punctuation.

Share your thoughts on mobile device privacy and security with us on Facebook and Twitter.
