Mobile Browser Security?

Mobile device usage is in full swing these days, and almost everyone has one in some form or fashion. Personally, I only have a smart phone, and up until real recently I did not do much in the lines of surfing the web on it. However, I do find myself doing so more and more these days. I had heard mixed messages about security on mobile devices, but at least one recent report shows mobile browsers do not provide the amount of security that is desired.

“We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States. The basic question we asked was, 'Does this browser provide enough information for even an information-security expert to determine security standing?' With all 10 of the leading browsers on the market today, the answer was no," said Patrick Traynor, assistant professor in Georgia Tech's School of Computer Science.

 

The main thrust of the testing seems to have been focused on the presence of an indicator showing the security of the site. You know, things like that little lock symbol or the “https” we find visible on our desktop browsers? These tell us if we are on a secure site, and sometimes let us know that we have reached the site we intended to reach.

As the article mentions, there is the World Wide Web Consortium (W3C) that basically provides guidelines for how things perform and display on the internet, and browsers are constantly updating their adherence to these standards. They even provide a large amount of information specifically aimed at mobile devices. However, while most desktop browsers do a fine job following the protocol for these security features, mobile browsers are found to be very lacking. The amount of screen real estate is the major hurdle in this matter. Smaller mobile screens mean compact browser controls, which do not always allow the additional space for the usual symbols.

In the absence of these symbols, many users do not pay as much attention to or take the same precautions on mobile devices that they would on desktop units. This opens the doors to all kinds of potential abuse by those seeking to do you harm. Mobile browser security issues are nothing new, and vulnerabilities have been discussed for years. “Browser vulnerabilities are the easiest way to get remote code running on a smartphone. That's because browsers are pretty complex compared to most programs on a smartphone. Once exploitation occurs, the remote code can do a variety of things," said Charlie Miller, principal analyst for software security at Independent Security Evaluators (ISE) back in a 2009 article. We’ve come a long way with mobile devices since, but there is obviously still work to be done for the security features.

Image courtesy of FreeDigitalPhotos.net