None of the leading mobile browsers have security that's up to snuff, according to researchers at Georgia Tech.
"We found vulnerabilities
in all 10 of the mobile browsers we tested, which together account for
more than 90% of the mobile browsers in use [in the U.S.]," Patrick
Traynor, assistant professor at Georgia Tech's School of Computer
Science, said in a school press release.
On mobile browsers, even experts have trouble determining the legitimacy of a website
due to the lack of graphic indicators such as a lock icon that show
when a browser is using the security protocols secure sockets layer
(SSL) or transport layer security (TLS).
Such icons amd indicators, present on almost all desktop browsers,
quickly tell users whether the site they're visiting is secure and
legitimate. Examples include the HTTPS address prefix and the padlock icon that appears when users are entering sensitive data like payment information.
The World Wide Web Consortium (W3C) puts forth specific guidelines as
to how SSL and TLS should be implemented, something desktop browsers
typically do well. When it comes to their mobile counterparts, the W3C
recommendations don't seem to be taken as seriously. Because people
regularly use their smartphones to shop and conduct banking transactions, that's a big problem.
"Research has shown that mobile browser users are three times more likely to access phishing
sites than users of desktop browsers," said Chaitrali Amrutkar, the
main author of the Georgia Tech paper. "Is that all due to the lack of
these SSL indicators? Probably not, but giving these tools a consistent
and complete presence in mobile browsers would definitely help."
Mobile developers are constantly faced with the challenge of creating
an enjoyable browsing experience on a display that's only a fraction of
the size of a desktop. But a malware-ridden or hacked phone isn't
enjoyable at all.
Once developers figure out a smart and consistent way to implement
SSL and TLS, Traynor said, everyone will be more secure and better
served.
"With a little coordination, we can do a better job and make mobile browsing a safer experience for all users," he said.
Photo courtesy of Flickr, Robert S. Donovan
