Today's Top Stories LAS VEGAS--Mobile devices infected with malware could compromise mobile point-of-sale (POS) terminals, warned researchers with MWR InfoSecurity. "It might be possible that by compromising the mobile device you are also able then to compromise the payment terminal from the device," explained Jon Butler, who is in charge of MWR InfoSecurity's U.K. research. "Mobile malware installed on a mobile device could look for a paired payment terminal. If it found one, it could initiate this compromise and create a network of terminals that could capture data input into them," Butler explained. The researchers examined chip-and-PIN card mPOS terminals that are paired with mobile devices. These terminals are used widely by small businesses, such as a local grocery store, and also by large companies like Apple. The researchers focused on chip-and-PIN card payment terminals in the U.K. Chip-and-PIN credit cards, also known as EMV cards, use a computer chip along with a PIN to conduct transactions, unlike in the U.S. market where credit cards use magnetic stripes and signatures. The researchers discovered that 75 percent of the mobile chip-and-PIN card payment terminals were made by the same manufacturer, used the same basic hardware components and ran the same software. After conducting research into the terminal's vulnerabilities, the researchers found that "in every case of a point of ingress to the terminal, there was some kind of vulnerability, varying in severity. The outcome was that we were able to gain control over the device completely," Butler said. Related Articles: Apple, Google mull Square buy Yankee Group: Mobile PoS is the new 'must have' for retailers Customizing the mobile experience: This time it's personal Read more about: Mobile Devices back to top | This week's sponsor is Gartner. | |  | If it seemed to you like the world already had enough smartphones, you'd be way off the mark. This past quarter alone saw a 26 percent increase in the number of smartphones in circulation over last year, with the number of smartphone shipments topping 290 million. Those numbers come from analyst firm Juniper Research, which provides analytical services to the global hi-tech communications sector. Juniper shared highlights of its research findings in an email to FierceMobileIT. According to the firm, Samsung now accounts for 26 percent of all smartphone shipments globally and had 75 million in shipments in the second quarter. That represents a 4 percent increase over last year for Samsung, the firm said. Posting its best quarter ever for smartphone shipments was Apple, which shipped over 35 million iPhones, representing a 13 percent increase over the same period in 2013. Other vendors also did well in the second quarter. Huawei shipped approximately 34.3 million smartphones for the first half of 2014, giving it a 7 percent market share. Lenovo shipped approximately 15.6 million smartphones in the second quarter for an increase in market share to 5.5 percent. LG also shipped a record number of smartphones in the second quarter, with 14.5 smartphones shipped, and a 20 percent increase over its numbers for the same time last year. Related Articles: Hilton trains its employees the mobile way The trials and tribulations of a mobile worker BlackBerry's motto: Never say die Read more about: LG, Samsung back to top LAS VEGAS--While Android is taking the consumer market by storm, iOS devices are growing in popularity in the enterprise in the face of a retreating BlackBerry. IT managers find iOS devices attractive because of their functionality and rock-solid reputation for security. However, while it is difficult, the latest version of iOS can be successfully hacked and jailbroken, explained Georgia Tech researchers at the Black Hat conference. Even the iPhone 5 running the latest iOS 7 software is not immune. The researchers examined an attack dubbed evasi0n7 that was able to jailbreak iOS 7 through an intricate nine step process. The program, developed by a team of hackers that go by the moniker evad3rs, first appeared early last year, explains this story at Forbes. Apple "fixed" that hole by plugging a number of the vulnerabilities in the evasi0n7 process, but not all of them. The Georgia Tech researchers took this as a challenge. They decided to see if they could find ways around Apple's solution and--needless to say since they are presenting at Black Hat--succeeded. "Not completely patching publicly disclosed vulnerabilities leaves the door open for other attacks," concluded Yeongjin Jang, one of the Georgia Tech researchers. So what can attackers do with a jailbroken iPhone? Once an iOS device is jailbroken, it no longer has the strong security protections installed by Apple. This makes it easier for malware to get onto the device, especially if the user downloads apps from a non-official app store. This malware could find its way onto the corporate network, particularly if it is a BYOD device. For more: - read the Forbes article on evasi0n Related Articles: Backdoors in iPhones could give NSA, hackers access to sensitive data, says researcher Pangu exploits enterprise certificate to jailbreak iOS devices Apple iOS and Android security worries the same, yet different Read more about: Evasi0n, iOS 7 back to top |
No comments:
Post a Comment
Keep a civil tongue.