Like their counterparts for desktop platforms, mobile browsers incorporate a range of security and cryptographic tools to provide a secure Web-browsing experience.
However in one critical area that informs user decisions—the incorporation of tiny graphical indicators in a browser’s URL field—all of the leading mobile browsers fail to meet security guidelines recommended by the World Wide Web Consortium (W3C) for browser safety, leaving even expert users with no way to determine if the websites they visit are real or imposter sites phishing for personal data.
“We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States,” said Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science. “The basic question we asked was, ‘Does this browser provide enough information for even an information-security expert to determine security standing?’ With all 10 of the leading browsers on the market today, the answer was no.”
The graphic icons at issue are called either SSL (“secure sockets layer”) or TLS (“transport layer security”) indicators, and they serve to alert users (a) when their connection to the destination website is secure and (b) that the website they see is actually the site they intended to visit. The tiny “lock” icon that typically appears in a desktop browser window when users are providing payment information in an online transaction is one example of an SSL indicator. Another is the “https” keyword that appears in the beginning of a desktop browser’s URL field.
The W3C has issued specific recommendations for how SSL indicators should be built into a browser’s user interface, and for the most part, Traynor said, desktop browsers do a good job of following those recommendations. In mobile browsers, however, the guidelines are followed inconsistently at best and often not at all.
The principal reason for this, Traynor admits, is the much smaller screen size with which designers of mobile browsers have to work. Often there simply isn’t room to incorporate SSL indicators in same way as with desktop browsers. However, given that mobile devices are widely predicted to face more frequent attacks from cyber-criminals, the vulnerability is almost sure to lead to increased cyber-crime unless it is addressed.
“Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers,” said Chaitrali Amrutkar, a Ph.D. student in the School of Computer Science and principal author of the paper that described the SSL research. “Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help.”
The paper, “Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road,” earned Amrutkar a Best Student Paper award at this year’s Information Security Conference, held Sept. 19-21 in Passau, Germany. Traynor and Amrutkar said the study, essentially a measurement analysis of the current state of visual security indicators in mobile browsers, is a necessary first step in developing a uniform set of security recommendations that can apply to mobile browsers.
“We understand the dilemma facing designers of mobile browsers, and it looks like all of them tried to do the best they could in balancing everything that has to fit within those small screens,” Traynor said. “But the fact is that all of them ended up doing something just a little different—and all inferior to desktop browsers. With a little coordination, we can do a better job and make mobile browsing a safer experience for all users.”
Michael Terrazas | Newswise
Laser process simulation available as app for first time
23.11.2015 | Fraunhofer-Institut für Lasertechnik ILT
Powering the next billion devices with Wi-Fi
19.11.2015 | University of Washington
Planet Earth experienced a global climate shift in the late 1980s on an unprecedented scale, fuelled by anthropogenic warming and a volcanic eruption, according to new research published this week.
Scientists say that a major step change, or ‘regime shift’, in the Earth’s biophysical systems, from the upper atmosphere to the depths of the ocean and from...
The Fraunhofer Institute for Solar Energy Systems ISE has installed 70 photovoltaic modules on the outer façade of one of its lab buildings. The modules were...
Nerve cells cover their high energy demand with glucose and lactate. Scientists of the University of Zurich now provide new support for this. They show for the first time in the intact mouse brain evidence for an exchange of lactate between different brain cells. With this study they were able to confirm a 20-year old hypothesis.
In comparison to other organs, the human brain has the highest energy requirements. The supply of energy for nerve cells and the particular role of lactic acid...
In laser material processing, the simulation of processes has made great strides over the past few years. Today, the software can predict relatively well what will happen on the workpiece. Unfortunately, it is also highly complex and requires a lot of computing time. Thanks to clever simplification, experts from Fraunhofer ILT are now able to offer the first-ever simulation software that calculates processes in real time and also runs on tablet computers and smartphones. The fast software enables users to do without expensive experiments and to find optimum process parameters even more effectively.
Before now, the reliable simulation of laser processes was a job for experts. Armed with sophisticated software packages and after many hours on computer...
Researchers at Heidelberg University have devised a new way to study the phenomenon of magnetism. Using ultracold atoms at near absolute zero, they prepared a...
25.11.2015 | Event News
17.11.2015 | Event News
21.10.2015 | Event News
27.11.2015 | Press release
27.11.2015 | Life Sciences
27.11.2015 | Materials Sciences