Security News Roundup: Can You Hear Me Now?

Sometimes, the price of success is unwanted attention. Witness the apparently stratospheric rise in malware on the Android mobile platform. With mobile usage continuing to explode, coupled with the vast array of valuable data we store and access from our phones, it should come as no surprise that the bad guys want a piece of the action.

Why does Android seem prone to these issues? Part of the answer lies not in the technology, but in the end user. Hacking the human mind continues to yield some rich pickings. Disappointingly, we just keep clicking on stuff without thinking. Where’s the patch for that?

We can’t help recalling the uproar a few years ago when “free” webmail services were all the rage. The big deal then was the realisation that these providers could actually read your mail. The very thought! Roll forward to the present day, and not only have we completely forgotten about that, we’re storing all sorts of data in all sorts of places, without a care in the world.

Lost or stolen USB keys, DVDs and laptops were also a big deal, but now that’s all passé. Now we have an even better way to lose sensitive data that we shouldn’t even be storing in the first place. Yes, it’s bring your own cloud, the thoroughly modern approach to data storage that has done for data security what King Henry VIII did for gender equality.

Emails aren’t secure, and data is at risk of compromise more or less all the time. What’s left? The good old cellphone system. That’s probably secure. By “probably”, of course we mean “probably not”. Witness this post via Bruce Schneier highlighting the techniques used by the FBI in order to intercept phone data and track users. Very informative.

But is it controversial? An organisation that tracks your location, knows all your contacts, reads your emails and extracts data from your phone? This is, of course, completely unheard of on the Internet. On a mobile phone. We’re sure you see our point here.

Let’s end with a summary. We’re using mobile platforms that are full of holes, to store data that we shouldn’t be storing, on cloud services that are insecure, whilst assorted governments, commercial organisations and bad guys all compete for access to that data, right in the palm of our hands.

Who says information security is boring?
