Blog9 - Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device? Security 

Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device?

You would be hard pressed to find anyone who does not at least know of wearable technology. Today, we take a look at what security pitfalls exist within these wearable devices.

What is wearable technology?

We said it may be hard-pressed to find anyone who may not know of the concept. However, in the interest of the discussion, allow us to further clarify what is meant by wearable technology. These are also called “wearable gadgets”. You’ve probably seen a smart watch by Apple or Android Wear. These are classified under wearable technology.

The ones that permeate the market the most are fitness trackers. Sales of wearable electronic devices have spiked since 2015. More and more manufacturers are trying to break into the market even as we speak. However, what are the potential vulnerabilities and risks of using a wearable device?

w2 - Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device?

Too easy to access

One of the main concerns about wearable gadgets is the fact that there is very little form of access limitation. There is no code or PIN needed to access the information stored within. So if you ever have your smart watch stolen, the thief does not need to get past an access code to get your details.

No encryption of data

The main appeal of a wearable device is that data can be transferred from the device to a larger computer system. However, it is precisely this that can be the source of trouble. While the date is transferring, it is not encrypted. So anyone who is able to do so can intercept the information and all the data would be plain to see.

As wearable technology can be used to conduct purchases, communication, and many other things, the data stored and being transferred is quite valuable to identity brokers in the black market.

Database vulnerability

Apps collect information about their end users. The logic behind this is that they use this data to further streamline the service they provide. All the data is stored in their database. Now, if someone were to target the database, there is a whole lot of information present that could be quite damaging.

Wearable devices often have a location tracker. Hackers and criminal can make use of this to determine the user’s location and take advantage of it.

w1 - Our Brand New Wearable Technology: What Safety Pitfalls Exist In Your Device?

Wearable technology is here to stay

There is no denying the sheer convenience of wearable technology. Developers are now aspiring to make use of wearable tech to provide better services in the field of healthcare. Hardware and software developers predict that wearable gadgets will be standard tools for law enforcement and medicine.

Some even say that they are looking into implantable technology. That opens a new can of worms entirely. While wearable tech does help improving the quality of life of its users, developers need to step up with regard to the mobile security of the gadget and the database.

Do you have a wearable device? Let us know if you’ve ever experienced any security risks. It always pays to be informed.

Read More
Blog6 - Be Fully Aware: The Latest Threats to Your Mobile Device Security Security 

Be Fully Aware: The Latest Threats to Your Mobile Device Security

We at MOSTCONF are wholly dedicated to providing relevant discussions about mobile device security. With the continued increase in threats and vulnerabilities, it is important to be aware.

What is mobile security?

It is the active protection of smartphones, tablets, and other mobile devices. The goal is to defend these devices and the networks they connect to from risks and vulnerabilities.

What are mobile security threats?

If there are viruses for computer systems, there are several security threats that are made specifically to affect mobile devices. These are broken down to different categories which derive from where the threat is based: applications, web, network, and physical.

Application-Based Issues

One of the best virtues of smartphone is the applications that users can utilize for a variety of purposes. However, it was only a matter of time before criminal intent was applied. Unsuspecting users end up downloading innocuous looking apps, not realizing that these were made to penetrate security systems. It should be noted as well that even legitimate applications can be exploited for ill intent. Even legitimate apps such as Office 365, Google Suite products and Dropbox fall victim to intrusions – which is why having backups is so important.

App based hazards normally fall under these categories: malware, spyware, privacy threats, and vulnerable apps. Nowadays it’s not unusual to hear about mobile ransomware. Ransomware refers to programs that target important files and documents. These are then encrypted and are only released back to their owners pending a financial transaction.

Spyware collates data without your knowledge. A similar issue was that of Carrier IQ.

Web-Based Issues

One of the greatest things about mobile phones is that it can now connect to the internet. Web-based threats are normally confined to actual computer systems.

 Empowering users is a good way to avoid phishing scams, adware, viruses, and worms.

h1 - Be Fully Aware: The Latest Threats to Your Mobile Device Security

Network Issues

If you’ve ever been warned to avoid “free” public Wi-Fi, you’d be wise to do so. Public Wi-Fi is intrinsically unsecure. Hackers can intercept critical information like credit cards, names, and addresses. If you use public Wi-Fi, it would be best to treat it like everything you do can be seen by a third-party.

Physical Issues

There is a reason why phones are often targets of physical robberies. Not only is the hardware worth a lot of money, the information criminals can harvest from the physical phone is worth even more. Identity theft, the fraudulent use of another person’s information, is a booming market.

Terrible people used to go through mailboxes and trash bins to find sensitive information. Now, they target mobile devices.

h2 - Be Fully Aware: The Latest Threats to Your Mobile Device Security

You are part of your security

As there will be more and more threats that will be launched, it is paramount that users be made part of the defense of their mobile devices. While hardware and software developers are constantly coming up with better ways to safeguard their users, it is the users themselves who must stop undermining security efforts.

It is important to read up on the latest threats and vulnerabilities your system is exposed to. Avoid unfamiliar apps and suspicious public Wi-Fi access. In the end, the strongest point of security is you.

Read More
Blog5 - MoSt 2015: Mobile Security Technologies 2015 Computers Security 

MoSt 2015: Mobile Security Technologies 2015

We move on to the next in our series of hindsight discussions. Today, we discuss Mobile Security Technologies 2015. Join us as we look back on thoughtful discussions we had that year. Like previous years, MoST brought together brilliant minds that continued to blaze trails in the fields of mobile security.

This year’s keynote speaker was Adrian Ludwig, a head engineer for Android security at Google. He holds a BA in Mathematics from Williams College and an MBA from the University of California in Berkeley. He discussed Android Security Data and Research Directions. It was a thoughtful discussion regarding Google’s complete dedication to providing end users with upgraded protection from malware and other forms of cyber attacks.

d2 - MoSt 2015: Mobile Security Technologies 2015

This was quite relevant that year as a staggering amount of T-Mobile users had their information compromised. Granted, that their details were taken after the company Experian was hacked. However, this hack was damaging as it took a lot of crucial personal data from users. These are critical information that could, at any point in time, be carried by mobile devices.

Mobile devices have seen a total spike in malware attacks which particularly target programs and applications that have transactional value. At least 25% of all mobile devices have encountered threats each month. This comes after 2014 where in 1 in 5 Android users have experience a mobile threat. iOS users were not in the clear as well. In the year 2015, iOS users had experienced a 262% increase in the number of vulnerabilities since 2011.

While much has been done to provide end users with better applications, user complacency has always been a large factor in mobile security. A lot of users still install apps and software from unverified sources. Another source of vulnerability is the fact that end users dig in their heels when it comes to OS updates. The greatest vulnerability that permeates mobile devices would be users that jailbreak or root their units in order to access free programs.

We cannot place enough emphasis on that last one. When you jailbreak your phone, your actions completely remove your phone’s built-in security features. Every researcher who has spoken at MoST have placed critical emphasis on educating end users and making them part of keeping their mobile security intact.

d1 - MoSt 2015: Mobile Security Technologies 2015

A submission entitled “Analyzing End Users’ Knowledge and Feelings Surrounding Smartphone Security and Privacy” stressed the drastic increase of threats that users face. This paper proposed that researchers must focus on security by default mechanisms. These should be configured in a simple manner as to not alienate less technical savvy users. They clarified that additional empirical research must be done better understand how an end user can be made an intrinsic part of their mobile device security. If end users are made aware of threats and mitigations, they will be better equipped to protect their assets.

MoST has continued to provide much needed spotlight on fresh perspectives that trickle into what we know mobile security is today. It is a completely wonderful achievement for all.

Read More
Blog3 - MoST Preparations: Submission Formatting and Topics Computers Security 

MoST Preparations: Submission Formatting and Topics

We’ve discussed receiving submissions for the conferences we’ve held. Today, we share the sort of formats and submissions that we are always looking out for. As always, our conferences are geared toward bringing together researchers, practitioners, and developers of mobile systems. Our goal is to provide an area in which we may all further explore the precepts of mobile security and its vulnerabilities.

In the interest of future preparation, we’ll be sharing the categories and requirements for submission entries. We accept both short (2-4 pages) and long (10 pages maximum) papers. To provide you an example, for the 2014 MoST conference, the submissions we received touched upon the topics of:

  • Privacy
  • Vulnerabilities of cloud storage
  • Secured communication networks
  • The economic impact of security and privacy tech
  • Operating systems

The other topics that MoST 2014 aimed to discuss are: device hardware, middleware, secure app development tools and practices, usable security, identity and access control, specialized applications, secure apps and application markets.

img1 - MoST Preparations: Submission Formatting and Topics

The papers which were accepted were all published online in the workshop proceedings. It is to be noted that we strictly enforce that submissions must be original and cannot be simultaneously submitted to other journals or conferences.

We believe in impartial review. As such, we always request that papers are formatted to suit anonymous review. Papers must have no author names or affiliations presented on the title page. The author must always be careful to avoid revealing who they are through any of the passages of their findings. When referring to previous works or findings, it is required to refer to them as if they were done by someone else. We expect strict compliance. Papers that do not adhere to this are immediately rejected without review.

If you are interested in submitting any papers for any of our workshops or conferences, allow us now to discuss page limits and formatting.

Short Submissions: Short paper submissions must not exceed four pages.
Long Submissions: Long papers must not exceed ten pages. This shall include all references and appendices.

We require submissions be formatted for US letter size paper. Margins are set at ¾ on all sides. All text shall be formatted in a two-column layout. These columns are not to be more than 9 inches in height and 3 inches in length. All text must be in the font of Times New Roman. We encourage those who aim to submit their works to make use of the IEEE conference proceeding templates.

img2 - MoST Preparations: Submission Formatting and Topics

Once you are satisfied with your discourse, it’ll be time to submit. All submissions must be in PDF form and error free.  For our 2014 conference, the submission deadline was by March 10th. We’ve been fortunate to have IBM Research’s Kapil Singh as our program chair. We’ve had the pleasure of having program committee members that come from establishes tech companies and universities.

Every MoST conference aims to build the network of those greatly interested in bettering everyone’s mobile security. We should strive to work together.

Read More
Blog - MoST 2012: Mobile Security Technologies 2012 Computers Security 

MoST 2012: Mobile Security Technologies 2012

One of the best ways to know where you’re going is by looking behind you. Today, we take a look at some of our past conferences that you can use as a comparison point for latter events.

This conference was held last May 24 in the year 2012 in Westin St. Francis Hotel in San Francisco. We brought together practitioners and policy makers that helped attendees explore the mobile security advances of that time. This conference had both on-site and online registration for the workshops available that day.

We had Peter Eckersley come in and give a talk about Carrier IQ, quite the cause for controversy back then. It was found that Carrier IQ gathered data on its users and were not transparent regarding what the date was used for. Carrier IQ was formerly partnered with corporate giants like Sprint, AT&T, and even T-Mobile. Eckersley’s talk was entitled “Spies in our Pockets: Lessons from the Carrier IQ Scandal about Privacy and Transparency on Contemporary Cellular Networks.”

Carrier IQ was a privately held operation in California. In 2015, Carrier IQ was acquired by AT&T. It is unknown whether or not AT&T has scrapped the software which was able to monitor on-screen selections.

Eckersley, at the time, did technical policy work on a variety of issues which ranged from privacy to network neutrality. From there, MoST 2012 went on to have other Speakers present papers. These short position papers were submitted to discuss the topics of vulnerabilities and remediation techniques, risks in networks or clouds, and many more.

m1 - MoST 2012: Mobile Security Technologies 2012

At this point in time, it was evident that mobile security was something that needed surveillance from the general public. The outcry that had followed the Carrier IQ controversy showed that users cared quite deeply about their personal information and what it could be used for.

This particular conference also brought in people from Dalhousie University and IBM T.J Watson Research Center to discuss the concept of the Mobile Web. This session’s chair was Larry Koved. The afternoon session comprised of a discussion about Application Security and Privacy. Students from Seoul National University shared their research regarding a static analyzer that could detect privacy leaks in Android apps. Students from Virginia Tech shared their analysis on malicious mobile apps. A short break followed.

MoST 2012 was a success in bringing together like-minded individuals. We provided a safe space wherein the pioneers of latter technological advances were able to have a soundboard for their studies and analysis. If there was anything that we learned from this, it was the fact that the concept of mobile security and privacy was something to be safeguarded.

At that point in time, Apple and Samsung were all launching smartphones. They launched mobile devices that allowed users to purchase anything with a tap of a screen. This capability pretty much announced to the world that sensitive information was there for the taking. These mobile devices were infinitely alluring targets for hackers. That is why we strive to promote mobile security.

Read More