Mobile Browsers At High Risk For Cyber Crime
Mobile devices like smartphones and tablets have recently become the most popular way to browse the internet in the world. But according to a new study by Georgia Tech, it also just happens to be the least safe method, after finding that none of the leading mobile browsers that have adequate security.
“We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90% of the mobile browsers in use [in the U.S.],” said Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science and co-author of the study.
The study, called Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road?, found that a key aspect of mobile browsing, SSL (secure sockets layer) or TLS (transport layer security) indicators, were conspicuously missing from mobile browsers. These graphics in the URL act as indicators of a site’s security level, and without them, users unable to gauge whether a site is genuine or a fake used to phish personal information. As a result, every top mobile browser fails to meet the World Wide Web Consortium’s guidelines for secure browsing.
“Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers,” said Chaitrali Amrutkar, lead author of the study. “Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help.”
The reason why these indicators are missing, according to Traynor, is largely due to the constraints imposed by the small screen size inherent in mobile devices. Whereas desktop browsers have enough room to fit tool bars and plugins into the URL as well as TLS or SSL indicators, mobile browsers often simply lack the room. But with more internet users logging on with smartphones and tablets than laptops or desktops, mobile devices are predicted to increasingly become a favorite target of phishing and viruses in coming years. In the eyes of Traynor and Amrutkar, this means that a new set of security guidelines must now be developed.
“We understand the dilemma facing designers of mobile browsers, and it looks like all of them tried to do the best they could in balancing everything that has to fit within those small screens,” Traynor said. “But the fact is that all of them ended up doing something just a little different—and all inferior to desktop browsers. With a little coordination, we can do a better job and make mobile browsing a safer experience for all users.”
The study may be found on the online publishing site Springer.com.