Cybersecurity Experts Warn Against Popular Phones and Losing Fingers to Criminals

Published at: March 2, 2020

Speaking at the RSA Conference in San Francisco, cybersecurity experts Aaron Turner and Georgia Weidman discussed two-factor authentication and biometrics as means of securing one’s phone. Although they concur that two-factor authentication is the way to go, there are certain caveats.

Authenticator apps like Google Authenticator generally provide better security than SMS-based schemes; however, they are only as good as the devices running them.

iOS v. Android — safest phones

Turner also dispels the myth that iPhones are more secure than Android devices and warns against iPhones that run anything but the latest iOS 13. Among Android smartphones, he praises Pixel devices and shares that he has “had good experiences with Motorola and Nokia Android One devices.”

"iOS is still good, but Android's SELinux is the bane of my existence as someone who's building exploits," noted Weidman. Turner echoes this sentiment:

"We charge three times as much for an Android pentest than we charge for an iOS one."

Stop buying Samsung phones

Also, Turner had some strong opinions about Samsung:

"Karsten Nohl showed that Samsung was faking device updates last year. Stop buying their stuff."

To be fair to Samsung, the authors of the study cited by Turner later admitted that some of their findings weren’t accurate.

Biometrics — finger/print

Neither expert is a fan of biometrics. Weidman acknowledged that fingerprint readers and facial recognition are "better than nothing when used in addition to passwords."

However, Turner was more skeptical: "I am fundamentally opposed to using biometrics because it's non-revocable," he said, citing a case in which a gang cut off a man’s finger to gain access to his fingerprint-protected car. "Fingerprint readers are biometric toys."

According to Turner, the only two-factor authentication method without discovered security vulnerabilities is a hardware security key.

As crypto companies and crypto applications have become some of the most attractive targets for hackers and regular criminals alike, it is essential that everyone applies best practices to secure their digital assets.
