Posted 5:07 PM 1/16/2012 : UCCS student points out phone security concerns
How secure is your smart phone?
A master's student, studying computer science at U.C.C.S., has uncovered some eye opening security issues on applications used on the iOS system - used in Apple products. David Stites says some apps may not be a secure as you'd like.
Stites shows News 5 what he's talking about; he logs into an account he's set up through Southwest Airlines on their mobile app. He logs on through an unencrypted network; you might use one when you use free Wi-Fi that doesn't require a password to use.
Just after he presses "log in," it just takes a couple of keystrokes on his computer to begin pulling information. It shows the user name and password he used; one he set up for this display.
"'David Stites', which we entered on our Southwest mobile app, and over here we see the password, "KOAA test," shows Stites.
From there he's got access to anything you have on your account. Stites tested 230 different apps for companies; looking for vulnerabilities, just like the one he found for Southwest. He says their security lapse was one of the most vulnerable he found, so he notified them -- about a month ago.
He can still retrieve the same information, so it looks like not much has changed.
We called Southwest too; a spokesman told News 5 that they're not aware of any major issues. He said they talk to people like Stites every day, but haven't made any major changes in the last month to the mobile app.
Stites put his findings online, on a blog he runs. His goal is to get companies focused on the need for security before it's too late.
"There's a tradeoff made of; well, how secure are we? Pretty secure? Well then we're willing to take that risk," says Stites.
It's hard to tell when a cyber attack will happen. Zappos, a popular online shoe store, had one over the weekend -- pulling personal information on up to 24 million customers; things like names, addresses, and the last four numbers of their credit cards.
Stites suggests you take a pro-active approach; he says a lot of people need to get more serious about the security on their phone.
"People need to think of these as like full computers, real computers," says Stites. "Just be very, very careful with your data."
Stites has data encryption on his computer and his phone; he suggests the same for everyone.