Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Mobile Browsers Fail Georgia Tech Safety Test

06.12.2012
How unsafe are mobile browsers? Unsafe enough that even cyber-security experts are unable to detect when their smartphone browsers have landed on potentially dangerous websites, according to a recent Georgia Tech study.

Like their counterparts for desktop platforms, mobile browsers incorporate a range of security and cryptographic tools to provide a secure Web-browsing experience.

However in one critical area that informs user decisions—the incorporation of tiny graphical indicators in a browser’s URL field—all of the leading mobile browsers fail to meet security guidelines recommended by the World Wide Web Consortium (W3C) for browser safety, leaving even expert users with no way to determine if the websites they visit are real or imposter sites phishing for personal data.

“We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States,” said Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science. “The basic question we asked was, ‘Does this browser provide enough information for even an information-security expert to determine security standing?’ With all 10 of the leading browsers on the market today, the answer was no.”

The graphic icons at issue are called either SSL (“secure sockets layer”) or TLS (“transport layer security”) indicators, and they serve to alert users (a) when their connection to the destination website is secure and (b) that the website they see is actually the site they intended to visit. The tiny “lock” icon that typically appears in a desktop browser window when users are providing payment information in an online transaction is one example of an SSL indicator. Another is the “https” keyword that appears in the beginning of a desktop browser’s URL field.

The W3C has issued specific recommendations for how SSL indicators should be built into a browser’s user interface, and for the most part, Traynor said, desktop browsers do a good job of following those recommendations. In mobile browsers, however, the guidelines are followed inconsistently at best and often not at all.

The principal reason for this, Traynor admits, is the much smaller screen size with which designers of mobile browsers have to work. Often there simply isn’t room to incorporate SSL indicators in same way as with desktop browsers. However, given that mobile devices are widely predicted to face more frequent attacks from cyber-criminals, the vulnerability is almost sure to lead to increased cyber-crime unless it is addressed.

“Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers,” said Chaitrali Amrutkar, a Ph.D. student in the School of Computer Science and principal author of the paper that described the SSL research. “Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help.”

The paper, “Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road,” earned Amrutkar a Best Student Paper award at this year’s Information Security Conference, held Sept. 19-21 in Passau, Germany. Traynor and Amrutkar said the study, essentially a measurement analysis of the current state of visual security indicators in mobile browsers, is a necessary first step in developing a uniform set of security recommendations that can apply to mobile browsers.

“We understand the dilemma facing designers of mobile browsers, and it looks like all of them tried to do the best they could in balancing everything that has to fit within those small screens,” Traynor said. “But the fact is that all of them ended up doing something just a little different—and all inferior to desktop browsers. With a little coordination, we can do a better job and make mobile browsing a safer experience for all users.”

Michael Terrazas | Newswise
Further information:
http://www.gatech.edu

More articles from Information Technology:

nachricht Magnetic fields provide a new way to communicate wirelessly
01.09.2015 | University of California - San Diego

nachricht 'Magic' sphere for information transfer
24.08.2015 | Lomonosov Moscow State University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Fraunhofer ISE Develops Highly Compact Inverter for Uninterruptible Power Supplies

Silicon Carbide Components Enable Efficiency of 98.7 percent

Researchers at the Fraunhofer Institute for Solar Energy Systems ISE have developed a highly compact and efficient inverter for use in uninterruptible power...

Im Focus: How wind sculpted Earth's largest dust deposit

China's Loess Plateau was formed by wind alternately depositing dust or removing dust over the last 2.6 million years, according to a new report from University of Arizona geoscientists. The study is the first to explain how the steep-fronted plateau formed.

China's Loess Plateau was formed by wind alternately depositing dust or removing dust over the last 2.6 million years, according to a new report from...

Im Focus: An engineered surface unsticks sticky water droplets

The leaves of the lotus flower, and other natural surfaces that repel water and dirt, have been the model for many types of engineered liquid-repelling surfaces. As slippery as these surfaces are, however, tiny water droplets still stick to them. Now, Penn State researchers have developed nano/micro-textured, highly slippery surfaces able to outperform these naturally inspired coatings, particularly when the water is a vapor or tiny droplets.

Enhancing the mobility of liquid droplets on rough surfaces could improve condensation heat transfer for power-plant heat exchangers, create more efficient...

Im Focus: Increasingly severe disturbances weaken world's temperate forests

Longer, more severe, and hotter droughts and a myriad of other threats, including diseases and more extensive and severe wildfires, are threatening to transform some of the world's temperate forests, a new study published in Science has found. Without informed management, some forests could convert to shrublands or grasslands within the coming decades.

"While we have been trying to manage for resilience of 20th century conditions, we realize now that we must prepare for transformations and attempt to ease...

Im Focus: OU astrophysicist and collaborators find supermassive black holes in quasar nearest Earth

A University of Oklahoma astrophysicist and his Chinese collaborator have found two supermassive black holes in Markarian 231, the nearest quasar to Earth, using observations from NASA's Hubble Space Telescope.

The discovery of two supermassive black holes--one larger one and a second, smaller one--are evidence of a binary black hole and suggests that supermassive...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Together - Work - Experience

03.09.2015 | Event News

Networking conference in Heidelberg for outstanding mathematicians and computer scientists

20.08.2015 | Event News

Scientists meet in Münster for the world’s largest Chitin und Chitosan Conference

20.08.2015 | Event News

 
Latest News

Lighter with Laser Welding

03.09.2015 | Process Engineering

For 2-D boron, it's all about that base

03.09.2015 | Materials Sciences

Phagraphene, a 'relative' of graphene, discovered

03.09.2015 | Materials Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>