Fortify says MiFi security weakness highlights need for code auditing

San Mateo/CA, (PresseBox) - News reports that the GPSenabled Wireless MiFi unit can be persuaded to reveal its position across the internet - without the user being aware of the information leak (http://bit.ly/8tZcKF) - highlights the fact that manufacturers are cutting corners and failing to code audit products before they ship, says Fortify Software.

"As our colleagues at EvilPacket have discovered, the unit's integral GPS interface can be hacked in such a way that a MiFi user visiting a malicious Web site can have their geographic location and passphrase revealed without their permission," said Richard Kirk, European director with the application vulnerability specialist.

"This is symptomatic of a product that has shipped before the designers have thought through the possible security issues with their product, and failed to test the security of the device's software at all stages of its development," he added.

According to Kirk, regular security testing of the code as part of a development process ensures software that is being developed is inherently secure.

In other words, he explained, this approach 'builds security into' the device - as opposed to attempting to add it after the device has been designed as is what will happen in this situation.

This approach, the Fortify European director went on to say, is not only more costeffective, but also results in applications that are much more secure because security was considered at every step of the development process.

"This isn't singling out the manufacturer of the affected MiFi unit for specific criticism. The failure to test the security of device software at all stages in their development is a common issue amongst technology products - the days of breadboarding up a device and then manufacturing it without a security test of the software have long gone," he said.

"That approach to technology product development may have applied in the early days of computing - as seen by BBC TV's Micro Men recently (http://bit.ly/5aICn) - but technology has moved on, so IT systems designers now owe it themselves, as well as their customers, to test the security of their software at all stages of product development," he added.

For more on Fortify: http://www.fortify.com

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

EU-DSGVO trifft Marketing unvorbereitet

Die ak­tu­el­le Stu­die „Die EU-DSG­VO kommt – Sind Un­ter­neh­men vor­be­rei­tet?“ zeigt, dass es – nur we­ni­ge Mo­na­te vor dem Stich­tag – bei Mar­ke­tern und Füh­rungs­kräf­ten zum Teil noch gro­ße Wis­sens­lü­cken gibt und gro­ße Pl­an­lo­sig­keit hin­sicht­lich der 2018 in Kraft tre­ten­den EU-Da­ten­schutz-Grund­ver­ord­nung herrscht.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.