By adding support for Android devices, the PhoneFactor App now ensures that iOS users are not the only hip people “App Authenticating” around the office, house, coffee shop, or wherever their busy lives takes them. Smartphones and tablets have become an extension of daily life for hundreds of millions of people worldwide. Using these same devices to provide multi-factor authentication – a function that has become a must-have security tool in nearly every industry – is preferred by users over carrying security tokens and more convenient than certificates that requires the user to be on their work or home computer.
The PhoneFactor App is extremely easy to use. It works by pushing a notification to the user’s smartphone or tablet. Instantly, an alert pops up on the user’s device. The user simply taps “Authenticate” (or enters a PIN and taps “Authenticate”) in the PhoneFactor App to verify account logins and transactions. To report fraud, the user simply taps the “Report Fraud” option instead to block the attacker and alert the company’s fraud response team.
The PhoneFactor App works anywhere the user’s mobile device is connected to either a cellular or a Wi-Fi network. This means users can “App Authenticate” anywhere, including on a plane in the air – definitely increasing the cool factor for both iOS and Android users.
“Smartphones and tablets are the multi-tool of today’s professional generation. Busy hyper-taskers use them for everything from checking email and paying bills to remotely performing complex and high risk job tasks. The PhoneFactor App makes multi-factor authentication second-nature for them,” commented Tim Sutton, PhoneFactor CEO. “We’re glad that Android is now available so that everyone can experience App Authenticating.”]]>
Well, that is true to an extent, and I still maintain that iOS is more secure than Android overall, but you can’t ignore the fact that hackers manage to jailbreak iOS–often within a day or two of a new version being released. Jailbreaking, in and of itself, is not malicious. It is designed to break down the Apple walls and give users more open access to work with their iOS devices as they choose without needing permission from Apple. The reality, though, is that if benign hackers can jailbreak iOS and gain full control over the mobile OS, then so can malicious attackers–leaving iPhones and iPads exposed to significant security risk.
The recent JailbreakMe 3.0 tool can wirelessly jailbreak iOS devices–including the iPad 2, using a flaw in the way iOS manages PDF files. Apple is working on a fix, but in the meantime I recommend being very careful about opening PDF files on an iOS device–unless you are intentionally trying to jailbreak the device.]]>
Some might say it is controlling, or that Apple policies and restrictions within iOS and for iOS app developers lean toward draconian. But, sometimes there are benefits to the “walled garden” approach.
Android users have been hit by more than 50 malicious Trojan apps that somehow made their way into the official Google Android Market. What is even worse is that these DroidDream malicious apps are able to bypass Android security controls and gain root access to the system–granting the malware almost limitless power to further infect or compromise the Android smartphone.
Well, not only would the stringent app review process at Apple be more likely to uncover hidden malicious code like DroidDream, but the success of DroidDream is largely a result of the fragmented Android landscape. Google is on Android 2.3 Gingerbread for smartphones, and recently launched Android 3.0 Honeycomb for tablets. The vulnerabilities exploited by DroidDream to root Android were fixed in Gingerbread–which has been available for nearly three months. However, only about one percent of all Android devices have actually received the update to Gingerbread, and the rest are at the mercy of individual smartphone manufacturers to determine when–or if–they will get it.
Meanwhile, more than 90 percent of the iOS devices out there are running the latest version and anxiously awaiting the release of iOS 4.3 later this week. When iOS 4.3 is released, it will be available to virtually all iPhone, iPad, and iPod Touch devices (Verizon iPhones are already running a more current version of iOS than other devices and are excluded from the iOS 4.3 update for now).
The diversity of hardware, and the open software platform of Android are a double-edged sword. There are certainly benefits, but there is a problem when known vulnerabilities still exist in 99 percent of the Android devices because of device and OS fragmentation.]]>