Fortify says MiFi security weakness highlights need for code auditing
"As our colleagues at EvilPacket have discovered, the unit's integral GPS interface can be hacked in such a way that a MiFi user visiting a malicious Web site can have their geographic location and passphrase revealed without their permission," said Richard Kirk, European director with the application vulnerability specialist.
"This is symptomatic of a product that has shipped before the designers have thought through the possible security issues with their product, and failed to test the security of the device's software at all stages of its development," he added.
According to Kirk, regular security testing of the code as part of a development process ensures software that is being developed is inherently secure.
In other words, he explained, this approach 'builds security into' the device - as opposed to attempting to add it after the device has been designed as is what will happen in this situation.
This approach, the Fortify European director went on to say, is not only more costeffective, but also results in applications that are much more secure because security was considered at every step of the development process.
"This isn't singling out the manufacturer of the affected MiFi unit for specific criticism. The failure to test the security of device software at all stages in their development is a common issue amongst technology products - the days of breadboarding up a device and then manufacturing it without a security test of the software have long gone," he said.
"That approach to technology product development may have applied in the early days of computing - as seen by BBC TV's Micro Men recently (http://bit.ly/5aICn) - but technology has moved on, so IT systems designers now owe it themselves, as well as their customers, to test the security of their software at all stages of product development," he added.
For more on Fortify: http://www.fortify.com
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
EU-DSGVO trifft Marketing unvorbereitet
Die aktuelle Studie „Die EU-DSGVO kommt – Sind Unternehmen vorbereitet?“ zeigt, dass es – nur wenige Monate vor dem Stichtag – bei Marketern und Führungskräften zum Teil noch große Wissenslücken gibt und große Planlosigkeit hinsichtlich der 2018 in Kraft tretenden EU-Datenschutz-Grundverordnung herrscht.Weiterlesen