However, even the best training against phishing attacks and the best Android antivirus apps won't stop attacks that come from the kernel, the underlying part of the mobile operating system to which the user doesn't have access.

But authenticator app codes can be stolen in phishing attacks, and as we saw yesterday, by Android malware in screen-overlay attacks.

Authenticator apps beat SMS texted codes as 2FA second factors because app codes can't be intercepted over the air, aren't tied to a phone number and never leave the device.

"Fully patched Android is more difficult to go after."

"We charge three times as much for an Android pentest than we charge for an iOS one," Turner said, referring to an exercise in which hackers are paid by a company to try to penetrate the company's security.

"iOS is still good, but Android's SELinux is the bane of my existence as someone who's building exploits."

The iPhone's Secure Enclave offers "some additional security, but the authenticator apps aren't using those elements," said Weidman, founder and chief technology officer of Washington-area mobile security provider Shevirah, Inc.

There are just as many known exploits for either one, and Weidman extracted the encryption keys from an older iPhone in a matter of seconds onstage.

My client was traveling in a high-risk country, his phone was cloned and then after he left the country, all sorts of interesting things happened to his accounts."

Some Android phones are safer than iPhones

And don't think iOS devices are safer than Android ones - they're not.

"All an attacker would need to do is to get an iPhone 4 exploit.

"One of my clients had an iPhone 4 and was using Microsoft Authenticator," Turner said, indicating another authenticator app.
The problem is that if an attacker or a piece of mobile malware can get into the kernel of iOS or Android, then it can do anything it wants, including presenting fake authenticator-app screens.

(Slides for Turner and Weidman's presentation are available on the RSA website.)

To be fair, Samsung was far from the worst offender among phone makers in the study Turner cited, and the study authors later said "they got it wrong" regarding Samsung's issues, without going into further detail.