Your mobile device's web browser is highly vulnerable to attack

Sunday, December 09, 2012 by: David Gutierrez, staff writer
Tags: mobile devices, web browser, hack attack

(NaturalNews) The web browsers on mobile devices such as cell phones and tablets are so unsafe that not even a team of cyber security experts was able to tell whether they were visiting a legitimate site or predatory one, in a study conducted by researchers from the Georgia Institute of Technology and presented at the 2012 Information Security Conference in Passau, Germany.

The study focused on the presence or absence of tiny graphic icons that typically appear in the URL field ("address bar") of the browser window. Known as either secure sockets layer (SSL) or transport layer security (TLS) indicators, these icons are used to assure web users that they are actually viewing the site that they meant to visit, and that their connection is secure.

The majority of information transmitted over the Internet is sent in a non-secure format. Two common indicators that a site is secure - and therefore, safe for transmitting passwords or financial information - are a small "lock" icon in the address bar and the prefix https (rather than http) at the beginning of the URL.

"We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States," researcher Patrick Traynor said. "The basic question we asked was, 'Does this browser provide enough information for even an information-security expert to determine security standing?' With all 10 of the leading browsers on the market today, the answer was no."

Not up to industry standards

Although the web browsers used on mobile devices do incorporate many of the same security and cryptographic tools as desktop browsers, the area of graphical indicators is one in which they consistently fall short. While essentially all desktop browsers successfully meet the security standards set by the World Wide Web Consortium (W3C), Traynor said, mobile browsers either follow the guidelines inconsistently or disregard them altogether. This is a serious problem, because it means that users of mobile web browsers are significantly more vulnerable to cyber scams and attacks.

"Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers," said lead author Chaitrali Amrutkar. "Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help."

According to Traynor, the main reason that mobile browsers consistently fail to use graphic indicators is simply that the screens of many mobile devices are so limited in space.

"We understand the dilemma facing designers of mobile browsers, and it looks like all of them tried to do the best they could in balancing everything that has to fit within those small screens," Traynor said. "But the fact is that all of them ended up doing something just a little different -- and all inferior to desktop browsers. With a little coordination, we can do a better job and make mobile browsing a safer experience for all users."

Sources:

http://www.sciencedaily.com/releases/2012/12/121205112829.htm