Skip to main content

From Kaspersky To Webroot, Major Security Firms Can't Even Get Basic Android Encryption Right


When recently-appointed president of RSA, Amit Yoran, opened his company’s flagship conference yesterday, he warned the security industry was living in the dark ages. Protections just aren’t working, he said. Various anti-virus firms, including big names like Kaspersky and Webroot, have offered proof that the market’s many players get it wrong; they’re on a list of companies whose Google Play Android apps don’t do proper encryption checks, according to research from the Computer Emergency Response Team (CERT) at Carnegie Mellon’s Software Engineering Institute.

The CERT discovered a whopping 22,000 apps that weren’t carrying out “SSL validation”, where the software is supposed to check certificates over encrypted communications to ensure the parties involved are verified. Kaspersky’s Internet Security app and Webroot’s free offering and its “complete” tool (an apt name, perhaps?) both failed to carry out these checks, meaning an attacker sitting on the same network as a target user could, in theory, spoof those services and collect data the victim hands over to the fake application. That could be credit card data, especially where in-app purchases are taking place, as in both Kaspersky and Webroot anti-virus, or usernames and passwords. Users would understandably assume that apps using encryption were safe, so would likely be oblivious to such “man-in-the-middle” attacks.


Comments

Popular posts from this blog

Disney Discovers How To 3D Print with Fabric

We have seen 3D printers produce objects from plastic and even metal. But the Magic Kingdom is living up to its name with the announcement that it has designed a 3D printer capable of printing with fabric. A group of researchers at Cornell University, Carnegie Mellon and Disney Research unveiled the invention in a paper last weekend. According to the researchers, the device is capable of forming precise, but soft and deformable 3D objects from layers of off-the-shelf fabric. Among the objects the research team produced were a fabric bunny, a Japanese doll, a touch sensor made of fabric, and a smartphone case with an embedded conductive fabric coil for wireless  power   reception. Touch-Sensitive, Wireless Power To form each object, the printer uses a single sheet of fabric to create each layer of the object. The printer cuts this sheet along the 2D contour of the layer using a laser cutter and then bonds it to previously printed layers using a heat sensitive adh...