While consumers and business users are using mobile devices for more purposes than ever, they may be inadvertently exposing confidential information to malicious outsiders, especially if they are using a Samsung product. Unfortunately, the recently discovered issue exists at the software level, which means end users with no IT experience may lose control over highly sensitive data.
A recent InformationWeek report highlighted how researchers from the Replicant project, which replaces proprietary Android solutions with free offerings, discovered a software-based backdoor that cybercriminals can use to steal personal and location information. Developers said several Samsung smartphone and tablet models, such as the Galaxy S, Galaxy Note and Nexus S, have been shipped with a program that permits a modem to perform backdoor operations on the platforms. Unfortunately, these gateways can be manipulated by malicious outsiders and used to steal personal information.
Paul Kocialkowski, a developer at Replicant, said that at least nine Samsung device models have been identified as containing the backdoor, though more devices may also have the vulnerability. Experts warned Android users to be careful, as the backdoor can be used by any remote attacker, such as cybercriminals and even intelligence agencies, to steal sensitive information or monitor Web activity and location data.
While IT professionals said developers could build firewalls to mitigate these vulnerabilities, the practice is not common. This suggests that software developers need to be more vigilant when building their products, as shipping mobile devices with these types of weaknesses on such a massive scale can compromise the personal lives of millions of people.
Building proper software
The unfortunate truth is that software today is much more complex than it used to be, especially now that applications are increasingly built with mobile in mind. In general, the software development cycle begins with IT professionals constructing a definition of what the code is meant to do and how it will function. Using these expectations, developers can design, code, test and implement the tools. Somewhere in the process, however, teams need to be sure the solutions are secure.
One of the best ways to ensure applications are safe is to use static code analysis and code review tools that enable developers to examine the application and the interactions between its code units. This means the code is examined from more than one perspective. In other words, fewer vulnerabilities will likely find their way through to the final product because so many eyes will have seen the code that makes up the solution.
Testing is also an important process, and developers need to be sure mobile tools that will be shipped to millions of people are rigorously evaluated and scrutinized. In the end, it can be difficult to guarantee that zero vulnerabilities will be present in the final application. Nevertheless, creating applications using a secure and continuous development cycle will likely reduce the odds of software being launched with major flaws.