Around 600 million Samsung smartphone users were taken aback in June of this year when reports came out that a major loophole in the SwiftKey typing software increased the risk of hacking. SwiftKey is software already included on Samsung devices and installs updates in plain text, which can let a hacker hijack the update and remotely execute code and malware. How do these kinds of security failings affect the average smartphone user?
- Personal Data at Risk: Sensitive personal information such as text messages and pictures can be accessed by the hackers.
- Installation of Malware: Without the user’s knowledge, hackers can install malicious apps and can also tamper with the working of other apps installed on the smartphone.
- Compromised Security of Sensors: The smartphone’s camera, microphone, and GPS can be accessed, as well as messages and voice calls can be tapped by a third-party.
NowSecure, the security company which identified the loophole in Swiftkey, said that Samsung smartphones are particularly vulnerable when logged on to insecure networks such as a public Wi-Fi network. Though SwiftKey and Samsung are working to address this security issue, it poses a very important question – how are smartphone manufacturers fixing the loopholes in various apps? The question that also needs to be asked is whether smartphone makers are taking security seriously or whether users’ privacy is being compromised in the overall process.
Are Smartphone Manufacturers Willing to Fix Security Loopholes?
Researchers from Germany’s Fraunhofer Institute for Secure Information Technology have discovered security flaws in some popular Google and Apple apps. The flaw exposes confidential user data such as access codes, addresses, location data, and passwords. In response to the finding, Apple has stated that it would incorporate warnings to developers to ensure security settings are failsafe before uploading apps to the Apple Store.
Last year, a serious security flaw was identified in the smartphones manufactured by LG. The company had previously mentioned that it would not fix the software but later agreed to address the issue in newly launched models that have the Android Lollipop operating system. So, how are users of older LG phones expected to safeguard their devices against malicious malware attacks if the company digs its heels over not fixing critical security gaps? Security analysts have pointed out that there may be cost issues with fixing the loophole but it is the company’s job to ensure the security of their software.
New Technologies are Coming Up for Smartphone Security
Several new developments on the horizon could effectively fix security concerns in smartphones. Researchers at the University of California, for instance, have developed a 3D imaging technique of fingerprints through an ultrasonic sensor. Fingerprint sensor technology is already being used in Apple’s iPhone 6 that produces a two-dimensional image of a finger’s surface. However, a printed image of the fingerprint can easily undermine the security of fingerprint sensor technology. The ultrasonic sensor images the microscopic ridges and valleys on the surface of the fingerprint as well as the tissue beneath in three-dimension, to minimize security risks.
In another development, Turing Robotic Industries has come up with an Android-based handset that does not require a third-party server to provide encryption keys to protect sensitive information such as banking passwords, photos, and others.
Mandates are Necessary to Let Manufacturers Fix Security Issues
This July, California’s “Kill Switch” law came into effect, requiring all mobile phones sold in the state to be enabled with theft-deterrent technology. As a result, Apple developed new features such as Activation Lock and Find My iPhone for its smartphones. Google has introduced Device Protection in Android Lollipop 5.1. Others are also following. If a law can mandate the blanket implementation of theft-deterrent technology, ensuring the security of smartphones against cyber-attacks will automatically fall into place. Because at the end of the day, it is the user who suffers the implications of security loopholes – and not the smartphone behemoths.
