Smartphones Show Their Weaknesses

More work needs to be done to strengthen the security as it relates to cellphones but their collective power can be used for good in cryptographic research.


According to researchers at the University of Michigan, a weakness believed to exist in Android, Windows and iOS operating systems could be used to obtain personal information from unsuspecting users.

This hack was demonstrated in an Android phone and was successful between 82 and 92% of the time on six of seven popular apps that were tested. Gmail, CHASE Bank and H&R Block were among those easily compromised.

The hack is seen as particularly dangerous because it allows attackers to time the moment that they present the user with a fake screen to when the user is expecting to enter sensitive data.

On a positive note in other research activity, an EPFL master’s candidate helped create an Android apps meant to bring users together to crack a modern cryptographic code, which is not infallible.All encryption types, including the widely used RSA, can theoretically be broken.

How then can data remain protected?

The answer lies on the time and computational effort required to break the code. Cracking a sufficiently long encryption key can be expensive up to the point of being unattainable in practice.

The LACAL laboratory at EPFL, renowned for achievements in cryptography was interested in solving a problem based on elliptic curve cryptography developed in the early 1980s.

According to researchers there, the lab thwarted the security of passwords by using a network of 300 PlayStation 3 game consoles, and then decided to take on this new challenge, which uses thousands of smartphones working together. The researchers believe it is just as important to crack an unbroken cryptographic system at all costs as it is to design new and more efficient systems.
This is because the systems can be broken at some point, which is why it is important to constantly assess them in order to know their limitations and adapt them if they are no longer safe.

If this kind of understanding is happening at the academic level, it is encouraging to think about the potential benefits to industry.

Leave a Reply

(Note: This name will be displayed publicly)