Tuesday, February 07, 2017 4:34:37 AM
Here we go again. iPhone Apps are open to attack from fraudsters, including its banking and business Apps. Why is this relevant you ask... Its relevant to you all because this is the space in which Smartmetric is trying to make a difference, in the banking and finance world. And this technology is exactly what Smartmetric is trying to save us from. Read on 'cos Apple doesn't care. It is passing the buck! Apple takes no responsibility for products it allows on its platform. This is not an attack on Apple: its an attack on the way things are right now, and somehow we all permit it to be this way.
A press release this afternoon reveals that this new, sexy, technology just ain't anywhere near its all supposed to be. It does not protect us. It does not make us safe from identity fraud. It does not protect our finances - finances we've worked all our lives for. All it does is speed up the line at check-out. And at check-out nobody looks at what is going on at the POS machine - they just tap'n'go while watching the TV screen in the background (refer recent ANZ Apply Pay television ad campaign).
Aren't your own savings and your own identity worth the extra few seconds at the POS at check-out? You think the financial institution is going to carry the risk of any fraud or theft of your money don't you, 'cos they say they will? And you also think they won't pass on all the costs back to you in fees and other charges, and by making your life difficult when it happens and you make a claim? Even if they do take your word for it when it happens to you, you will have no card for a while and you will need to re-sort your business while the investigation unfolds, blah blah....
At least if Smartmetric can do what it says it can do, what it is trying to manufacture and take to market, then we will have a great amount of protection from credit card fraud, identity fraud and financial theft from our accounts. The Apps that this press release refer to are those that many people choose to use and these people are leaving themselves open to attack.
Experts report iPhone Apps vulnerable to hacking
SECURITY experts have identified a new flaw found in dozens of popular iPhone apps that could let hackers gain access to your sensitive data including banking details.
Infosec expert Will Strafach has published a blog post warning that a scan of popular apps on the Apple App Store had found 76 apps vulnerable to attack, with a “backdoor” which would allow a hacker to carry out “man in the middle” attacks that let them access the data being sent from the phone to the cloud.
The blog post names 33 apps that are vulnerable to attack, including a banking app called FirstBank PR Mobile Banking and the Uconnect Access app that lets people locate their car and remotely unlock it.
The apps named in the blog post today are considered low risk, but Strafach warns there are 43 apps that are high or medium risk of being hacked which will be named in a few weeks after the app developers have been given the chance to fix the flaw.
Strafach said the security hole “is derived from networking-related code within iOS applications being misconfigured in a highly unfortunate manner”.
Several of the apps on the list released today are add-on apps for Snapchat users, including apps to upload photos and videos to Snapchat and apps for increasing Snapchat contacts. Another app, called Epic!, promises “unlimited books for kids”.
Mr Strafach said the type of flaw meant Apple was not able to issue a widespread fix, because to address the problem in that way would make the apps more vulnerable to attack.
“The onus rests solely on app developers themselves to ensure their apps are not vulnerable,” he said.
The blog post contains the full list of apps named and shamed so far.
Mr Strafach says the bad design was mainly a problem when the phone was connected to a wi-fi network.
“If you are in a public location and need to perform a sensitive action on your mobile device (such as opening your bank app and checking your account balance), you can work around the issue by opening “Settings” and turning the “Wi-Fi” switch off prior to the sensitive action,” he said.
“While on a cellular connection the vulnerability does still exist, cellular interception is more difficult, requires expensive hardware, is far more noticeable, and it is quite illegal (within the United States).
“Therefore, it is much less plausible for an attacker to risk attempting to intercept a cellular data connection.”
Recent SMME News
- Form 10-Q - Quarterly report [Sections 13 or 15(d)] • Edgar (US Regulatory) • 06/10/2024 09:22:17 PM
- Form NT 10-Q - Notification of inability to timely file Form 10-Q or 10-QSB • Edgar (US Regulatory) • 05/15/2024 01:54:15 PM
- Form 10-Q - Quarterly report [Sections 13 or 15(d)] • Edgar (US Regulatory) • 02/21/2024 06:41:03 PM
- Credit Card to Prevent Fraudelent Activities • AllPennyStocks.com • 12/21/2023 08:00:00 PM
- Credit Card to Prevent Fraudulent Activities • AllPennyStocks.com • 12/21/2023 08:00:00 PM
- Form 10-Q - Quarterly report [Sections 13 or 15(d)] • Edgar (US Regulatory) • 11/20/2023 08:30:16 PM
- Form 8-K - Current report • Edgar (US Regulatory) • 11/07/2023 11:00:48 AM
- Form 253G1 - • Edgar (US Regulatory) • 11/06/2023 04:10:16 PM
- Form QUALIF - Notice of Qualification [Regulation A] • Edgar (US Regulatory) • 11/06/2023 05:15:06 AM
- Form 1-A POS - • Edgar (US Regulatory) • 10/20/2023 07:26:28 PM
- Form 10-K/A - Annual report [Section 13 and 15(d), not S-K Item 405]: [Amend] • Edgar (US Regulatory) • 10/19/2023 08:20:09 PM
- Form 10-K/A - Annual report [Section 13 and 15(d), not S-K Item 405]: [Amend] • Edgar (US Regulatory) • 10/18/2023 09:26:13 PM
- Form DEF 14C - Other definitive information statements • Edgar (US Regulatory) • 10/16/2023 10:00:11 AM
- Form 10-K - Annual report [Section 13 and 15(d), not S-K Item 405] • Edgar (US Regulatory) • 10/13/2023 08:58:03 PM
- Form NT 10-K - Notification of inability to timely file Form 10-K 405, 10-K, 10-KSB 405, 10-KSB, 10-KT, or 10-KT405 • Edgar (US Regulatory) • 09/27/2023 07:27:47 PM
- Form PRE 14C - Other preliminary information statements • Edgar (US Regulatory) • 09/26/2023 11:39:30 AM
VHAI - Vocodia Partners with Leading Political Super PACs to Revolutionize Fundraising Efforts • VHAI • Sep 19, 2024 11:48 AM
Dear Cashmere Group Holding Co. AKA Swifty Global Signs Binding Letter of Intent to be Acquired by Signing Day Sports • DRCR • Sep 19, 2024 10:26 AM
HealthLynked Launches Virtual Urgent Care Through Partnership with Lyric Health. • HLYK • Sep 19, 2024 8:00 AM
Element79 Gold Corp. Appoints Kevin Arias as Advisor to the Board of Directors, Strengthening Strategic Leadership • ELMGF • Sep 18, 2024 10:29 AM
Mawson Finland Limited Further Expands the Known Mineralized Zones at Rajapalot: Palokas step-out drills 7 metres @ 9.1 g/t gold & 706 ppm cobalt • MFL • Sep 17, 2024 9:02 AM
PickleJar Announces Integration With OptCulture to Deliver Holistic Fan Experiences at Venue Point of Sale • PKLE • Sep 17, 2024 8:00 AM