Download: Fast, Fun, Awesome
study in australia
student information in australia
Australian University graduate information
professional networking for australian university students
employment links for australian university students
University quizzes for australian students
Smartphone users at risk of man-in-the-middle

Smartphone users at risk of man-in-the-middle

Smartphone users who remotely check their emails are at risk of online hackers gaining access to their devices, ECU researcher Mr Peter Hannay has found.

Mr Hannay’s new research has found a way to hack in to people’s smartphones by impersonating a Microsoft Exchange server, gaining access to their private information or completely wiping the data from their phone.

A Microsoft Exchange Server is used on many smartphones to check emails. It is the mail server for Microsoft Windows which combines email, calendars and contacts into one system.

“Microsoft Exchange has an interesting relationship with its clients – it demands control over mobile devices through passwords, remote lock out and remote wipe functionality. People hand over the control of their phones to the server, which can then be easily hacked,” Mr Hannay said.

Conducting a series of tests at ECU’s secau Security Research Institute, Mr Hannay was able to impersonate a Microsoft Exchange server, acting as a makeshift man-in-the-middle.

Using the makeshift server, he manipulated the relationship between smartphones and Microsoft Exchange, hacking into a phone, gaining access to private information and deleting all data. .

The flaw, Mr Hannay believes, is the way in which the Microsoft Exchange is set up.

“When emails are synced to your phone you accept the conditions via an initial prompt,” Mr Hannay said.

“Thereafter, whenever the server sends updates or amendments to the phone they are accepted without awareness or permission from the user,” he said.

This research is only the start of further investigation in to man-in-the-middle attacks, leveraging Microsoft Exchange against poorly constructed smartphones.

“At the moment we have a lot of trust in the Microsoft Exchange server. We put faith in them to look after all our data,” Mr Hannay said.

“Initial findings show that the relationship is not at as secure as first thought, putting many of us at risk of attack without even knowing.

“Manipulating the system was really simple to do, which is what I find most disturbing.”

The research is part of an ongoing investigation into the flawed relationship between servers and mobile devices, conducted by Mr Hannay and the team at the secau Security Research Institute.

Mr Hannay is set to present at the secau Security Congress in Perth from 3 to 5 December 2012. His presentation with ECU colleagues, Eavesdropping on the Smart Grid, further looks at the security risks associated with smart grid technologies.

Leave a reply

Feature Research
Controlling fear by modifying DNA

For many people, fear of flying or of spiders skittering across the lounge room floor is more than just a [more]

Kidney disease gene controls cancer highway

University of Queensland researchers have discovered that a gene that causes kidney disease also controls growth of the lymphatic system, [more]

Queensland fraud is a billion dollar business

Queensland businesses could be losing over $12 billion per annum as a result of company fraud according to a recent study [more]

Inside the mind of a burglar

Burglars are opportunistic, generally choose their targets at random and know all the tricks householders try to use as deterrents, [more]

Flight experiment goes boldly forth to advance new technology

A hypersonic flight experiment at eight times the speed of sound, led by a University of Queensland PhD student, has [more]

Pre-drinking alcohol before hitting the nightclubs likely to lead to violence

The increasingly common practice of drinking at home before hitting the nightclubs is the major predictor of people experiencing harm [more]

Research reveals women are more interested in a man’s earning capacity than the size of his wallet

Despite ABBA’s insistence that women long for “money, money, money”, research has found that The Beatles were on the [more]

Challenges still face women seeking seniority in business

Research conducted by the UTS Centre for Corporate Governance underpinning the 2012 Australian Census of Women in Leadership reveals a decade [more]

Swiss Army Knife teeth secret to seal’s success

Biologists have shown how an advanced set of teeth give Antarctic leopard seals the biological tools to feast on prey [more]

Beautiful physics: Tying knots in light

New research published today seeks to push the discovery that light can be tied in knots to the next level. [more]