This week’s security news explores reports of a dangerous exploit found in Samsung’s Galaxy devices, the government’s plans to increase security awareness and more.
The creators of the free Android iteration Replicant claim to have discovered a security flaw in Samsung Galaxy smartphones and tablets which could potentially leave a backdoor open, which dangerous cyber attackers could exploit in order to gain remote access to the devices’ file systems.
Among the devices affected are the Nexus S, Galaxy S, Galaxy S2, Galaxy Note, Galaxy Nexus, Galaxy Tab 2, Galaxy SIII and Galaxy Note 2 – with more said to be at risk.
One of the developers of Replicant, Paul Kocialkowski, explained in a blog post: "This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write and delete files on the phone’s storage."
"On several phone models, this program runs with sufficient rights to access and modify the user’s personal data."
Meanwhile, the UK government has announced plans, including a new higher level apprenticeship and teaching grants, to meet an increasing demand for cyber security skills.
Hugh Boyes from the Institution of Engineering and Technology (IET) said: “With increasing threats to systems and new vulnerabilities emerging daily, there is an urgent need to develop a pipeline of qualified and experienced cyber security professionals to safeguard our systems and infrastructure in the future.”
“Research by the IET has highlighted that a significant lack of skilled workers is hampering the UK’s fight against cyber-crime.”
“These measures announced by the Government will help to fill the shortage of skills in this important area – and put us in a stronger position to combat cyber-crime in the years ahead.”
“The challenge now is to make sure businesses are aware of these Government initiatives, and start to view securing cyber security skills within their businesses as a priority.”
The governments plans may come at a critical time, as research revealed that UK e-commerce sites are not doing enough to protect users from choosing insecure passwords.
David Emm, senior security researcher at Kaspersky Labs, commented: "New research has suggested that UK e-commerce sites are not doing enough to ensure customers use secure passwords.”
“As consumers we all have a responsibility to secure ourselves by using unique, complex passwords and, while it may seem a big ask to expect companies to make sure their customers are choosing secure passwords, online providers can make it easier for customers by simply disallowing extreme examples of insecure passwords such as ‘password’ or ‘123456’.”
“Websites need to ensure that customers are freely able to create secure and varied passwords for themselves by removing certain restrictions, for example, restrictions on non-alpha-numeric characters or upper limits for password lengths.”
“With so many people having so many online accounts, secure passwords should be a given and both companies and consumers need to take on the responsibility to protect their online identities. "