London: A cheap mobile phone application that can track the precise location of passenger aircraft in the sky can be a serious terrorist threat, security experts have claimed and called for its immediate ban.
The Plane Finder AR application, developed by a British firm for the Apple iPhone and Google’s Android, allows users to point their phone at the sky and see the position, height and speed of nearby aircraft.
The new application works by intercepting the so-called Automatic Dependent Surveillance-Broadcasts (ADS-B) transmitted by most passenger aircraft to a new satellite tracking system that supplements or, in some countries, replaces radar.
Apparently the ADS-B transmits all this information in clear text. If this information can be used to aid terrorists, why is it not encrypted? Don’t blame the developer. Blame the people who built the ADS-B system!!
With the increasing popularity of mobile devices like iPhones and Android-based phones, we are beginning to see targeted malware, raising the question, do we need anti-malware for our mobile devices? ReadWriteWeb Enterprise was prompted to write an article on this topic as a result of the Android game Tap Snake which was reported to be spyware.
It appears the mobile anti-malware market is fairly immature:
I took to the opportunity to test a few of the anti-malware apps available on the market: antivirus free from droidSecurity, Lookout, Symantec‘s Norton Mobile Security for Android beta, and Smobile. I was also going to try SmrtGuard, but I couldn’t get the app to activate before Tap Snake was removed from Android Market. Of those four apps, only one detected Tap Snake as a potential threat.
The article goes on to say that tightly controlling what apps can be loaded onto mobile devices may all enterprises need at this time.
Apparently Juniper and McAfee think so. Juniper recently announced that it was acquiring SMobile Systems for $70 million. McAfee acquired TenCube. Another product in this space is Lookout.
Finally, which operating system do you think is more secure? Do you prefer closed vs. open source? Here is a recent article from Network World discussing this issue.
Slate recently published an article entitled, "The End of
Malware?" The sub-title is, "How Android, Chrome, and the iPad are
shielding us from dastardly programs." The premise trotted out the
usual, Windows is insecure; Android, Chrome, and the iPad are more
secure because they deploy sandboxing technology, i.e. restricting an
application's access to operating system resources.
While this may be a good thing, it is hardly the "end of malware."
Not even close.What the author is missing is the intent and motiviation
of the bad guys. They go where the money is, i.e. where there is the
opportunity to steal cash from people's bank accounts, steal credit card
information, steal intellectual property they can sell. At present,
these opportunities are minimal on Android, Chrome, and iPads. Once
there is critical mass for profitable hacking, you will definitely see
an increase in exploits on these devices.
Now even with limited opportunities for profitable hacking we are
starting to hear about vulnerabilities on these devices. Just yesterday I
wrote about a Massive iPhone
Security Issue where passcode protected content on the iPhone can be
accessed by simply attaching the device to a computer running Ubuntu or
OSX. Therefore, if you lose your iPhone, your passcode protection is
useless.
If you need to hear more, check out the June 3 article in the Wall
St. Journal, Dark Side Arises for Phone Apps. Here are some key
quotes, first on Google:
In one incident, Google pulled dozens of unauthorized
mobile-banking apps from its Android Market in December. The apps,
priced at $1.50, were made by a developer named "09Droid" and claimed
to offer access to accounts at many of the world's banks. Google said
it pulled the apps because they violated its trademark policy.
The apps were more useless than malicious, but could have been
updated to capture customers' banking credentials, said John Hering,
chief executive of Lookout, a mobile security provider. "It is becoming
easier for the bad guys to use the app stores," Mr. Hering said.
And on Apple:
Apple vets applications before they appear in its App
Store, but risks still exist. In July 2008, Apple pulled a popular game
called Aurora Feint from its store after it was discovered to be
uploading users' contact lists to the game maker's servers. More
recently, it yanked hundreds of apps it said violated its policies,
some out of security concerns.
In conclusion, while sandboxing is a good idea, there is no silver
bullet when it comes to security.