X

Multe dintre aplicatiile pentru terminale mobile nu protejeaza eficient parolele utilizatorilor

      Conform unui studiu facut de o companie de securitate informatica, multe dintre cele mai populare aplicatii pentru terminale mobile nu au un sistem eficient de protejare a parolelor utilizatorilor. Firma viaforensics a testat 100 dintre cele mai populare aplicatii pentru Android si iOS si a descoperit ca 76 dintre acestea folosesc un sistem ineficient de salvare a parolelor utilizatorilor. Mai exact, aceste aplicatii salveaza parolele in formatul plain text desi ele ar fi trebuit criptate astfel incat oricine ar obtine acces la un backup al aplicatiei nu ar putea descifra parola utilizatorului.

How safe is data stored on smartphones? Not very. In fact, 76% of popular consumer applications running on Android and iOS devices store usernames as plaintext, and 10%–including Hushmail, LinkedIn, and Skype–store passwords as plaintext.  When it comes to the security of mobile consumer applications, tested social networking applications fared the worst, with 74% earning a “fail,” indicating that sensitive data, such as passwords or account numbers, was recovered. According to the report, “the recovery of the sensitive data places the user at a significant increased risk for identity or financial theft.”

      In ceea ce priveste aplicatiile care nu au un sistem eficient de salvare a parolelor vorbim despre : Hushmail, LinkedIn, Skype, WordPress si aplicatia Mail insa lista este mult mai lunga. Multe dintre aplicatiile dedicate retelelor sociale au din pacate acelasi gen de sistem care permite extragerea cu usurinta a parolei unui utilizator. Desi dezvoltatorii nu par interesati sa schimbe acest sistem, exista o metoda simpla prin care ne putem proteja, mai exact trebuie sa folosim diverse parole pentru conturile aplicatiilor noastre astfel incat unele conturi sa fie protejate in cazul aflarii uneia dintre parole.

Apple’s iOS isn’t bulletproof–or standing still–either. Apple upgraded its mobile operating system with better encryption as of the 4.0 version, released in June 2010. But earlier this year, forensics researchers and toolmakers cracked the iOS data security scheme, and released automated tools that can recover much of the information stored by iOS devices, providing they can crack the device’s password. In other words, the security of an iOS device is very much up to its owner. “If the phone user does not activate data protection by setting a passcode, the files are not fully protected,” according to the viaForensics report. “Furthermore, various tools exist to uncover the user’s passcode with varying degrees of success depending on the strength of passcode used.”

        Problema securitatii aplicatiilor nu este noua insa dezvoltatorii lasa totul in seama iOS-ului care ar trebui sa ofere protectie utilizatorilor. Din pacate nimic nu este 100% sigur asa ca iOS-ul poate fi “spart” si nu conteaza daca aveti jailbreak sau nu pentru ca veti fi la fel de expusi. In concluzie, utilizati diverse parole pentru conturile voastre.

This post was last modified on aug. 10, 2011, 10:17 AM 10:17

Disqus Comments Loading...