Featured Research

from universities, journals, and other organizations

Mobile browsers fail Internet safety test

Date:
December 5, 2012
Source:
Georgia Institute of Technology
Summary:
How unsafe are mobile browsers? Unsafe enough that even cyber-security experts are unable to detect when their smartphone browsers have landed on potentially dangerous websites, according to a recent study.

How unsafe are mobile browsers? Unsafe enough that even cyber-security experts are unable to detect when their smartphone browsers have landed on potentially dangerous websites, according to a recent Georgia Tech study.

Like their counterparts for desktop platforms, mobile browsers incorporate a range of security and cryptographic tools to provide a secure Web-browsing experience. However in one critical area that informs user decisions -- the incorporation of tiny graphical indicators in a browser's URL field -- all of the leading mobile browsers fail to meet security guidelines recommended by the World Wide Web Consortium (W3C) for browser safety, leaving even expert users with no way to determine if the websites they visit are real or imposter sites phishing for personal data.

"We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90 percent of the mobile browsers in use today in the United States," said Patrick Traynor, assistant professor in Georgia Tech's School of Computer Science. "The basic question we asked was, 'Does this browser provide enough information for even an information-security expert to determine security standing?' With all 10 of the leading browsers on the market today, the answer was no."

The graphic icons at issue are called either SSL ("secure sockets layer") or TLS ("transport layer security") indicators, and they serve to alert users (a) when their connection to the destination website is secure and (b) that the website they see is actually the site they intended to visit. The tiny "lock" icon that typically appears in a desktop browser window when users are providing payment information in an online transaction is one example of an SSL indicator. Another is the "https" keyword that appears in the beginning of a desktop browser's URL field.

The W3C has issued specific recommendations for how SSL indicators should be built into a browser's user interface, and for the most part, Traynor said, desktop browsers do a good job of following those recommendations. In mobile browsers, however, the guidelines are followed inconsistently at best and often not at all.

The principal reason for this, Traynor admits, is the much smaller screen size with which designers of mobile browsers have to work. Often there simply isn't room to incorporate SSL indicators in same way as with desktop browsers. However, given that mobile devices are widely predicted to face more frequent attacks from cyber-criminals, the vulnerability is almost sure to lead to increased cyber-crime unless it is addressed.

"Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers," said Chaitrali Amrutkar, a Ph.D. student in the School of Computer Science and principal author of the paper that described the SSL research. "Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help."

The paper, "Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road," earned Amrutkar a Best Student Paper award at this year's Information Security Conference, held Sept. 19-21 in Passau, Germany. Traynor and Amrutkar said the study, essentially a measurement analysis of the current state of visual security indicators in mobile browsers, is a necessary first step in developing a uniform set of security recommendations that can apply to mobile browsers.

"We understand the dilemma facing designers of mobile browsers, and it looks like all of them tried to do the best they could in balancing everything that has to fit within those small screens," Traynor said. "But the fact is that all of them ended up doing something just a little different -- and all inferior to desktop browsers. With a little coordination, we can do a better job and make mobile browsing a safer experience for all users."


Story Source:

The above story is based on materials provided by Georgia Institute of Technology. Note: Materials may be edited for content and length.


Cite This Page:

Georgia Institute of Technology. "Mobile browsers fail Internet safety test." ScienceDaily. ScienceDaily, 5 December 2012. <www.sciencedaily.com/releases/2012/12/121205112829.htm>.
Georgia Institute of Technology. (2012, December 5). Mobile browsers fail Internet safety test. ScienceDaily. Retrieved September 18, 2014 from www.sciencedaily.com/releases/2012/12/121205112829.htm
Georgia Institute of Technology. "Mobile browsers fail Internet safety test." ScienceDaily. www.sciencedaily.com/releases/2012/12/121205112829.htm (accessed September 18, 2014).

Share This



More Computers & Math News

Thursday, September 18, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Let's Review Apple's Latest iPhone Reviews

Let's Review Apple's Latest iPhone Reviews

Newsy (Sep. 17, 2014) The tech press has shared its thoughts on the latest iterations of Apple's iPhone. We summarize the reactions to help you decide: iPhone 6 or 6 Plus? Video provided by Newsy
Powered by NewsLook.com
Facebook Reportedly Building Another New Photo Sharing App

Facebook Reportedly Building Another New Photo Sharing App

Newsy (Sep. 17, 2014) Sources tell TechCrunch Facebook is working on Moments, an app for sharing photos with close friends and family. But why develop yet another new app? Video provided by Newsy
Powered by NewsLook.com
What Not To Do When Installing iOS 8

What Not To Do When Installing iOS 8

Newsy (Sep. 17, 2014) Several sites are warning early adopters not to enable Apple’s new iCloud Drive feature during the installation process. Video provided by Newsy
Powered by NewsLook.com
2K Drafts Face-Mapping Tech for New Game

2K Drafts Face-Mapping Tech for New Game

AP (Sep. 17, 2014) "NBA 2K15" is angling for a slam dunk with an innovative new way to put players in the game. Gamers will be able to digitally graft lifelike 3D renditions of their faces onto virtual players using the PlayStation 4 and Xbox One cameras. (Sept. 17) Video provided by AP
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins