Today's Top Stories LAS VEGAS--Mobile broadband modems, used by business travelers and others to get 4G speeds on their laptops, are vulnerable to web-based attack, warned Andreas Lindh, security analyst with ISecure Sweden, during a session at the Black Hat security conference. Mobile broadband modems, also known as USB modems, are "easy to attack" because vendors share their codes. "If you can get an attack working on one device, there is a pretty good chance that attack will work on other devices," Lindh said. The USB modem market is dominated by two vendors--Huawei and ZTE--which together control 80 percent of the market, according to stats from Strategy Analytics cited by Lindh. USB modems run embedded Linux, have Web interfaces and do not require authentication, making them susceptible to intrusion. Attackers have three primary attack vectors: configuration attacks, functionality abuse and injection attacks. One type of configuration attack is called domain name system (DNS) poisoning, which is the "corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address," according to TechTarget's Margaret Rouse. Modems come with a default connection profile, Lindh explains. An intruder can use a cross-site request forgery (CSRF) attack to add a new profile, replacing the default profile, without the user's knowledge. Then he could gain backdoor access to any device connected to the laptop. "This is an easy and powerful attack," opined Lindh. A type of functionality abuse is launching a CSRF attack to make the modem send SMS messages to a premium number operated by the attacker. Lindh explained that he informed the vendors about the vulnerabilities. Unfortunately, vendors can't push fixes directly to end users but must go through the carriers. As a result, "most devices will never get patched," he lamented. For more:
- read Margaret Rouse's explanation on cache poisoning
Related Articles:
TechNavio: Mobile device semiconductors, touch panel displays to see healthy growth
Mobile broadband modem, router market will decline slightly this year
Ericsson: Mobile broadband subscriptions to exceed 2 billion this year
| This week's sponsor is Gartner. | | 
|
Things are definitely picking up in the IT job market, according to several recent forecasts, and IT workers are increasingly going mobile to find new opportunities. According to the "Job Seeker Nation: Mobility in the Workforce Study" from Jobvite, a comprehensive recruitment platform, mobile-based job seeking has become a way of life for what the study terms the "high mobility" job seeker, meaning employees most likely and willing to move around in the job market. But the study finds that the other use of the term mobility--that of mobile technology--is just as accurate for today's IT worker. Behavioral differences lie in how active or passive a job seeker is. In an email to FierceMobileIT, Dan Finnigan, president and CEO of Jobvite, noted: "While both high and low mobility job seekers actively use mobile in their job search, how they use mobile differs significantly; high mobility job seekers are more inclined to use LinkedIn, whereas low mobility job seekers prefer Facebook. For today's job seeker, mobile is an essential tool in the job hunt, regardless of skill set, education level, or market demand." High mobility job seekers are twice as likely to use recruiters or social media in their job searching, Finnigan explains. These job seekers are savvier about their social media privacy. Low mobility job seekers, on the other hand, prefer to use referrals and Internet job boards in their search. "Both tiers of the labor market find the ability to apply for jobs on a smartphone important," Finnigan stresses. "This emphasizes the increasingly prevalence of mobile for the always-on job seeker as job shopping becomes an extension of everyday life."
Related Articles:
CIOs to recent grads: be flexible
Recent hiring studies offer conflicting messages
Growing IT layoffs add to recruiter feeding frenzy Read more about: Smartphones, mobility
back to top
Hilton Worldwide is strengthening worker efficiency through mobile training and BYOD offerings, according to an article at Mobile Enterprise. The push for this training comes from Hilton's mobile-first attitude in hospitality. As FierceMobileIT reported, Hilton will soon offer digital check-in, room selection, customization of stay and digital check-out. Hilton hopes to implement technology that allows customers to use smartphones as room keys by the end of 2015. Hilton's senior vice president and global head of digital Geraldine Calpin told Mobile Enterprise that employees have full access to Hilton's digital offerings--sites, apps and even training--on their mobile phones or "company mobile phones." In addition to BYOD, Calpin also tells Mobile Enterprise of success the enterprise has found with remote working. "We have work-from-home and virtual global teams using mobile technology and allowing us to be flexible for our Team Members location and flexibility needs," Calpin is quoted as saying. The article states how many Hilton employees have already been trained to use the new technology and the number of employees they will have trained by the initiative's end--18,000 and 30,000, respectively. Hilton employees can use tablets and mobile phones for this training, which takes less than one hour according to Mobile Enterprise.
For more:
- read the Mobile Enterprise article
Related Articles:
Hilton is betting $500M that mobile will give it an edge in the hotel wars
BYOD benefits: Industry experts weigh in
BYOD policy success requires balancing act Read more about: Hilton
back to top
| 
No comments:
Post a Comment
Keep a civil tongue.