UK computer scientists aim to outsmart hackers with a novel strategy to counter rising mobile phone “account takeover” attacks. These attacks, involving unauthorized access to online accounts, pose substantial risks of personal and financial damage. The innovative approach seeks to proactively defend against this growing threat to safeguard user information.
Cyber threats exploit vulnerabilities of smartphones
The intricate network of software and applications forms the core of contemporary smartphones. This intricacy, unfortunately, creates various opportunities for cyber threats to exploit security vulnerabilities. Effectively countering these attacks necessitates understanding the hacker’s mindset, orchestrating intricate assaults through smaller, strategic maneuvers.
Cyber security professor at the University of Birmingham Dr. Luca Arnaboldi explains that the common tactic of observing someone’s PIN surreptitiously is widely recognized. Nonetheless, the ultimate goal for the assailant is to infiltrate applications housing extensive personal data, providing entry to accounts like Apple Pay, Amazon, Google, X, and even bank accounts.
The primary objective of the team was to document security vulnerabilities and analyze account takeover attacks by dissecting them into elemental components.
In the past, professionals employed “account access graphs” for examining security vulnerabilities. These graphs depict the interactions of phones, apps, SIM cards, and diverse security features at every access stage. Nevertheless, these graphs are inadequate in simulating account takeovers. For example, an assailant could extract the SIM card and insert it into another phone, thereby rerouting SMS messages and facilitating SMS-based password recovery methods.
Researchers develop new modeling technique for smartphone security
Researchers bridged a gap by devising a novel modeling technique grounded in formal logic, a methodology embraced by philosophers and mathematicians. This approach effectively delineates a hacker’s decision-making in scenarios involving mobile phones and PINs.
The study, beneficial for device manufacturers and app developers, provides insights into vulnerabilities and intricate hacking strategies. Validation against speculative assertions from a Wall Street Journal report revealed Android devices’ safeguard through Google account linkage. Furthermore, the research advocated an iPhone security upgrade, now implemented by Apple: combining a PIN with a prior password.
