Tag Archives: Mobile Security

Beyond Java Card

When Java Card was created, the market for smart cards was quite simple: chip vendors would design specific chips, chip vendors would develop an operating system for the chips and produce cards embedding the chip. Since then, this market has become much more complicated. For traditional payment and ID, changes are minimal, as card vendors […]

Did Apple just boost mobile security?

I have been working on mobile security for many years, and things haven’t moved much: justifying mobile security is always painful. Whyshould Ispend more money? There aren’t that many attacks! Some business use cases seemed like a good justification, but the economics are unclear and remain in the order of “if youget hacked, it could […]

Convenience vs. Security vs. (Perceived) Security

Yesterday, @poulpita tweeted a link to a blog explaining that convenience keeps winning against security. The main argument in this blog is about iOS6’s Passbook, which can store credit card numbers, for your convienience. The reasoning goes on with a comparison of the security merits of a credit card number stored on Passbook and a […]

Some people don’t like phone security

It seems that FBI isn’t able to perform smudge attacks very well. Apparently, they have been defeated by Android’s “pattern lock” on a Samsung phone. Well, my friends must be smarter than the FBI, because both of the guys who tried to defeat my pattern lock using a smudge attack succeeded. The fun part is […]

Q&A: What do NFC NDEF Signature records bring?

Here is another question related to NFC, this time about what I understand of NDEF signatures (could be incomplete). The NFC Forum has recently added the possibility to include a signature record in tags. Adding such a signature can be used to ensure that the content of the tag (say, a URL) has been written […]

2011: The year of mobile malware? Nope.

One of the discussion topics at this week’s Mobile Security Barcamp in Sophia Antipolis was mobile malware, with some people claiming that 2011 will be the year of mobile malware. I agree with them that, as mobile takes more and more power, and as platforms like iOS and Android become more and more common, they […]

The Mobile Trust Manifesto

Mobile computing is at a turning point, as the past few years have seen numerous improvements of the capacities of mobile devices. Here are a few of the main characteristics that have dramatically improved: Personal. Mobile phones are becoming some kind of personal hub, on which all communications means are concentrated, in particular around social […]

Mobile Trust, from M-Pesa to Bump

Mobile banking in Africa is becoming a well-known example of how technical and business innovation can benefit poor people around the world (on NPR, for isntance). Such systems now existing in other countries, but they are all more or less based on the same technical and business models. On the technical side, these financial applications […]

Mobile security remains flaky on smartphone apps

With my colleagues, I have been looking at the security of mobile applications for a few years, and in most cases, I have been amazed at the lack of security in these applications. Most mobile developers simply don’t seem to care. A security and forensics company has recently looked into mobile applications, and got some […]

Smudge attacks on Android

Researchers have done some interesting work about “smudge attacks” on Android phones. All Android phone owners will have guessed that this attack targets the authentication pattern that is used to unlock an Android phone. And all these owners also know that smudge really is dangerous for this authentication technique. I have tried it with a […]