Mobile Security Threats Continue To Grow

According to industry analysts, mobile device shipments will exceed a billion devices in 2015 and will rapidly outrun PC shipments. That’s great news for end user convenience, mobility, and work-anywhere productivity. But it also means that enterprises must prepare for the fact that the criminals will target these devices with attack exploits, spyware,
and rogue applications.

And while IBM’s IT security research team, X-Force, predicts a modest 33 software exploits targeting mobile devices in the year ahead, that’s roughly twice the number of such attack code released in the past year.

The group also sees a number of other troubling mobile security trends. First, when software flaws do surface, many mobile phone makers do not rapidly deploy software patches to devices; malicious apps are often distributed through third-party app markets. Another troubling trend is that some mobile malware can collect end user’s personal information for use in phishing attacks.

An example of vulnerabilities that would make such attacks possible are the two recent Android security flaws that were reported to affect popular handsets including the AT&T Samsung Galaxy SII and various HTC devices.

The security find announced by security researcher Trevor Eckhart, called HTClogger (logging tools introduced by handset maker HTC) that could leak email account information, user location, phone numbers, and messaging logs.

Handset maker HTC said, in a statement, that it is working to quickly issue an update to its customers. “HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly,” the company said.

Source….

Sony Hacked Again

More than 2000 users of Sony Ericsson’s Canadian Website are impacted by the latest hack attack to hit a battle worn Sony. Sony Ericsson is joint mobile phone venture between Sony and Ericsson. According to Sony hackers made off with e-mail addresses, passwords and phone numbers–but no credit card details. Sony has now shut down the affected site. Around 1000 of the stolen records from the Sony Canadian Website are already online, posted by Idahc, a “Lebanese grey-hat hacker”.

“Sony Ericsson’s Website in Canada, which advertises its products, has been hacked, affecting 2000 people,” a Sony spokesperson told AFP. “Their personal information was posted on a Website called The Hacker News. The information includes registered names, email addresses and encrypted passwords. But it does not include credit card information.”

“Sony Ericsson has disabled this e-commerce Website,” Sony detailed to IDG News. “We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers.” For security, Sony has shut down the Canadian Sony Ericsson eShop page, which currently reads: “D’oh! The page you’re looking for has gone walkabout. Sorry.”

Read More…..