December 22, 2012 at 6:02 PM #3416
None of the leading mobile browsers have security that’s up to snuff, according to researchers at Georgia Tech.
“We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90% of the mobile browsers in use [in the U.S.],” Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science, said in a school press release.
On mobile browsers, even experts have trouble determining the legitimacy of a website due to the lack of graphic indicators such as a lock icon that show when a browser is using the security protocols secure sockets layer (SSL) or transport layer security (TLS).
Such icons amd indicators, present on almost all desktop browsers, quickly tell users whether the site they’re visiting is secure and legitimate. Examples include the HTTPS address prefix and the padlock icon that appears when users are entering sensitive data like payment information.
The World Wide Web Consortium (W3C) puts forth specific guidelines as to how SSL and TLS should be implemented, something desktop browsers typically do well. When it comes to their mobile counterparts, the W3C recommendations don’t seem to be taken as seriously. Because people regularly use their smartphones to shop and conduct banking transactions, that’s a big problem.
“Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers,” said Chaitrali Amrutkar, the main author of the Georgia Tech paper. “Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help.”
Mobile developers are constantly faced with the challenge of creating an enjoyable browsing experience on a display that’s only a fraction of the size of a desktop. But a malware-ridden or hacked phone isn’t enjoyable at all.
Once developers figure out a smart and consistent way to implement SSL and TLS, Traynor said, everyone will be more secure and better served.
“With a little coordination, we can do a better job and make mobile browsing a safer experience for all users,” he said.
This is why I try to use apps and not my mobile browser when I’m on my mobile. I have an app for Facebook, one for Gmail, one for PayPal, etc. That way, at least, I know I’m not exposed to any vulnerabilities… that I know of.May 5, 2013 at 9:05 PM #13130
This is sort of frightening. I skimmed over the article and couldn’t find the browsers they tested. I use the Dolphin Browser and it seems safe to me. I hope there aren’t any security flaws that I am unaware of. Thanks for posting this article and warning others to be cautious while on their phones.May 9, 2013 at 2:38 PM #13160
Interesting read. I use Dolphin as well, but keep it updated and have installed mobile anti-virus software and I haven’t noticed any viruses/problems yet. I’ll definitely consider being more careful about the types of sites I visit from now on, because mobile security definitely isn’t advanced as the desktop counterpoint, and it lacks the sort of intensive cleaning apps like ADW.May 10, 2013 at 5:11 AM #13175
it’s better not to remember the password on your phone.May 27, 2013 at 5:19 PM #13358
Interesting article, but I would have liked to see what browsers they tested so we could see which ones they consider unsafe.
You must be logged in to reply to this topic.