iPhone vs. Android: What's More Secure? Experts Talk About Mobile Security

Cointelegraph | March 03, 2020

  • Experts dismissed the myth that iPhones are more secure than Android devices, unless your iPhone is running the latest iOS 13.

  • They also advised users to stay away from Samsung phones.

  • Experts were also against the use of biometrics as a means of securing a phone.


Cybersecurity experts Aaron Turner and Georgia Weidman discussed the caveats that come with two-factor authentication, even though they concurred that it was the way to go, and with biometrics as a means of securing one's phone. The two experts were speaking at the RSA Conference in San Francisco.


The two warned users against using a mobile authenticator app on an old smartphone because the app is only as good as the operating system on which it's running. They emphasized that using authenticator apps, such as Authy or Google Authenticator, for two-factor authentication was better than using SMS-based 2FA. But, they said, an authenticator app is useless for security if the underlying mobile OS is out of date or the mobile device is otherwise insecure.


The problem is that if an attacker or a piece of mobile malware can get into the kernel of iOS or Android, then it can do anything it wants, including presenting fake authenticator-app screens.


"One of my clients had an iPhone 4 and was using Microsoft Authenticator," Turner said, indicating another authenticator app. "All an attacker would need to do is to get an iPhone 4 exploit. My client was traveling in a high-risk country, his phone was cloned and then after he left the country, all sorts of interesting things happened to his accounts."


What's Safer? iPhones or Androids


Aaron Turner dismissed the myth that iPhones are more secure than Android devices, unless your iPhone is running the latest iOS 13. He said, "You don't want the risk associated with 32-bit iOS."


Among Android smartphones, he praised Pixel devices and said he has "had good experiences with Motorola and Nokia Android One devices."


In Android, use only the Pixel class of devices. Go to Android One if you can't get Pixel devices. I've had good experiences with Motorola and Nokia Android One devices.

- Aaron Turner, President and CSO, HighSide


He also suggested users stay away from well-known Android brands.


Stay Away From Samsung Phones


Turner had some strong opinions about Samsung phones. "Karsten Nohl showed that Samsung was faking device updates last year. Stop buying their stuff," Turner said.


To be fair, Samsung was far from the worst offender among phone makers in the study Turner cited, and the study authors later said "they got it wrong" regarding Samsung's issues, without going into further detail.


Some Android phones are safer than iPhones


iPhones and Androids have just as many known exploits, and Weidman extracted the encryption keys from an older iPhone in a matter of seconds onstage.


iPhone's Secure Enclave offers some additional security, but the authenticator apps aren't using those elements. iOS is still good, but Android's [security-enhanced] SELinux is the bane of my existence as someone who's building exploits.

- Georgia Weidman, Founder and CTO, Shevirah Inc.


"We charge three times as much for an Android pentest than we charge for an iOS one," Turner said, referring to an exercise in which hackers are paid by a company to try to penetrate the company's security. "Fully patched Android is more difficult to go after."




The Underlying Part Of The Mobile OS


Authenticator apps beat SMS-texted codes as second factors because app codes can't be intercepted over the air, aren't tied to a phone number and never leave the device. But authenticator app codes can be stolen in phishing attacks, and as we saw yesterday, by Android malware in screen-overlay attacks.


However, even the best training against phishing attacks and the best Android antivirus apps won't stop attacks that come from the kernel, the underlying part of the mobile operating system to which the user doesn't have access.


"What could possibly go wrong when installing a user-mode application with sensitive cryptographic key materials on a platform with kernel vulnerabilities?" Turner asked rhetorically.


Kernel vulnerabilities also can be used to hack two-factor push notifications, which Google uses for its own accounts and which can't be phished.


In short, "we need to move away from usernames and passwords," Turner said.


'Biometrics are Non-revocable'


Neither expert was a biometrics enthusiast.

When asked about biometric authentication such as fingerprint readers and facial recognition, Weidman said that "it's better than nothing when used in addition to passwords."


Turner wasn't so sure. Citing a famous case from Malaysia in which a man's index finger was cut off by a gang to steal the man's fingerprint-protected Mercedes, Turner said, "I am fundamentally opposed to using biometrics because it's non-revocable. Fingerprint readers are biometric toys."

The only form of two-factor authentication without security problems right now, Turner said, is a hardware security key such as a Yubikey or Google Titan key.


"I've got two Yubikeys on me right now," Turner said. "Hardware separation is your friend."

