Processing .....please wait.. 
The article has been forwarded.... 
News >> Technology >>
New gadgets nowadays make the job of a hacker easier
By siliconindia
|
Tuesday, 28 December 2010, 18:45 IST
New York: Researchers at Mocana are being troubled with their recent discovery of an easy way of hacking into a best-selling internet-ready HDTV model.
The security technology company in San Francisco easily discovered a loop hole in the software that shows Web sites on the TV and used that as an opportunity in order to gain a control on the information being sent to the television. By doing this, it becomes a cakewalk for them to put up a fake screen for a site like Amazon.com and then request for a credit card billing detail regarding the purchase made. This strategy also enables them to monitor data being sent from the TV to sites, reports Ashlee Vance from the New York Times.
"Consumer electronics makers as a class seem to be rushing to connect all their products to the Internet," said Adrian Turner, Mocana's chief executive. "I can tell you for a fact that the design teams at these companies have not put enough thought into security."
The main aim of Mocana and firms like it is to trade technology in order to shield devices and expose the potential threats. But the Mocana test also exemplifies what safety experts have long cautioned about: that the arrival of Internet TVs, smartphones and other fashionable Web-ready gadgets will accompany in a new era of threats by presenting easy targets for hackers.
"When it comes to where the majority of computing horsepower resides, you're seeing a shift from the desktop to mobile devices and Web-connected products, and inevitably, that will trigger a change in focus within the hacking community," said K. Scott Morrison, the chief technology officer at Layer 7 Technologies, which helps companies manage their business software and infrastructure. "I really do believe this is the new frontier for the hacking community."
According to the security companies, in order to battle the threat, development of new protection models is mandatory. Till today, security measures like promotion of items like fingerprint scanners and face recognition on devices, and tools that can disable a device or freeze its data if an attack is reported have largely failed to reach the mainstream.
Enrique Salem, the chief executive at Symantec, which makes antivirus software frequently installed on PCs, said it was doubtful that similar kind of software would be designed by his company for all the new products. But the attacks that Symantec and others have seen on the devices are so new that they will require a fresh approach, he said. "Symantec will focus on fingerprint scanners and other personal identifiers to devices."
Symantec's main security technology rival, McAfee, for $7.7 billion were recently bought by the chip maker Intel wherein the Intel executives revealed their plan to build some of McAfee's technology into future chips that will go into mobile phones and other newer devices.
Although the cellular phones have been connected to the Web for years with a firm control, there were other constraints that made the task of hackers difficult to do much damage. Currently smartphones have many more capabilities as their shipments have hit a critical mass that makes them worth a hacker's while.
Also, Apple, Google, Nokia and others are in a race to fill their online mobile software stores applications. These companies have review mechanisms that try to catch malicious software, but the volume of new apps coupled with hackers' wile make it difficult to catch every bad actor.
Still, there is a Wild West vibe to the smartphone market these days as smaller, unproven manufacturers have followed the likes of Apple, Nokia and Motorola in making smartphones.
"The good smartphones have been pretty well designed," said Mr. Morrison of Layer 7 Technologies. "The problem now is the flood of secondary phones that bring interesting diversity and also open up holes for hackers."
Cautions have already come from the security companies as the hackers have begun to exploit the application stores and have also discovered fake programs that can steal passwords or make expensive phone calls.
Jimmy Shah, a mobile security researcher at McAfee Labs, said the company had run into so-called smishing attacks, a variation on phishing, in which someone is sent a deceptive text message that appears to have come from a bank or a retailer. Often, the message will ask the person to call a customer support line, at which point the attackers try to coax valuable information from the victim.