SmartMetric Inc (SMME)

[PoorP-S]

SMME to save us from iPhone Apps

Here we go again. iPhone Apps are open to attack from fraudsters, including its banking and business Apps. Why is this relevant you ask... Its relevant to you all because this is the space in which Smartmetric is trying to make a difference, in the banking and finance world. And this technology is exactly what Smartmetric is trying to save us from. Read on 'cos Apple doesn't care. It is passing the buck! Apple takes no responsibility for products it allows on its platform. This is not an attack on Apple: its an attack on the way things are right now, and somehow we all permit it to be this way.

A press release this afternoon reveals that this new, sexy, technology just ain't anywhere near its all supposed to be. It does not protect us. It does not make us safe from identity fraud. It does not protect our finances - finances we've worked all our lives for. All it does is speed up the line at check-out. And at check-out nobody looks at what is going on at the POS machine - they just tap'n'go while watching the TV screen in the background (refer recent ANZ Apply Pay television ad campaign).

Aren't your own savings and your own identity worth the extra few seconds at the POS at check-out? You think the financial institution is going to carry the risk of any fraud or theft of your money don't you, 'cos they say they will? And you also think they won't pass on all the costs back to you in fees and other charges, and by making your life difficult when it happens and you make a claim? Even if they do take your word for it when it happens to you, you will have no card for a while and you will need to re-sort your business while the investigation unfolds, blah blah....

At least if Smartmetric can do what it says it can do, what it is trying to manufacture and take to market, then we will have a great amount of protection from credit card fraud, identity fraud and financial theft from our accounts. The Apps that this press release refer to are those that many people choose to use and these people are leaving themselves open to attack.

Experts report iPhone Apps vulnerable to hacking

SECURITY experts have identified a new flaw found in dozens of popular iPhone apps that could let hackers gain access to your sensitive data including banking details.

Infosec expert Will Strafach has published a blog post warning that a scan of popular apps on the Apple App Store had found 76 apps vulnerable to attack, with a “backdoor” which would allow a hacker to carry out “man in the middle” attacks that let them access the data being sent from the phone to the cloud.

The blog post names 33 apps that are vulnerable to attack, including a banking app called FirstBank PR Mobile Banking and the Uconnect Access app that lets people locate their car and remotely unlock it.

The apps named in the blog post today are considered low risk, but Strafach warns there are 43 apps that are high or medium risk of being hacked which will be named in a few weeks after the app developers have been given the chance to fix the flaw.

Strafach said the security hole “is derived from networking-related code within iOS applications being misconfigured in a highly unfortunate manner”.

Several of the apps on the list released today are add-on apps for Snapchat users, including apps to upload photos and videos to Snapchat and apps for increasing Snapchat contacts. Another app, called Epic!, promises “unlimited books for kids”.

Mr Strafach said the type of flaw meant Apple was not able to issue a widespread fix, because to address the problem in that way would make the apps more vulnerable to attack.

“The onus rests solely on app developers themselves to ensure their apps are not vulnerable,” he said.
The blog post contains the full list of apps named and shamed so far.

Mr Strafach says the bad design was mainly a problem when the phone was connected to a wi-fi network.

“If you are in a public location and need to perform a sensitive action on your mobile device (such as opening your bank app and checking your account balance), you can work around the issue by opening “Settings” and turning the “Wi-Fi” switch off prior to the sensitive action,” he said.

“While on a cellular connection the vulnerability does still exist, cellular interception is more difficult, requires expensive hardware, is far more noticeable, and it is quite illegal (within the United States).
“Therefore, it is much less plausible for an attacker to risk attempting to intercept a cellular data connection.”