We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

Ga. Tech researchers: Mobile browsers need better HTTPS indicators

Researchers from Georgia Tech recently released a study that claims almost all mobile browsers in use in the U.S. fail to accurately notify users whether they are using HTTPS or not.

RAMBLIN' (SECURITY) WRECK: Report: Cloud botnets, search poisoning and mobile attacks among 2013's biggest security issues 

MORE MOBILE BROWSER ISSUES: Mobile browser vulnerability lets hackers steal cloud computing time

World Wide Web Consortium guidelines recommend that all browsers clearly identify the HTTPS status of their current connection. When tested, the Georgia Tech researchers found that the browsers used by 90% of American mobile customers didn't measure up.

"The basic question we asked was, 'Does this browser provide enough information for even an information-security expert to determine security standing?'" said assistant professor of computer science Patrick Traynor (shown here). "With all 10 of the leading browsers on the market today, the answer was no."

A major part of the problem, of course, is that mobile browsers have serious limits on screen real estate compared to their desktop equivalents - and the researchers stressed that the smartphone software generally had the same types of cryptographic and security capability found in traditional programs.

However, the lack of an HTTPS indicator is still a problem, according to computer science Ph.D student Chaitrali Amrutkar, who authored the paper describing the study's results.

"Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers," he said. "Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help."

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about anti-malware in Network World's Anti-malware section.


IDG UK Sites

Contactless payments to launch on London public transport this year

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

NASA offers free 3D models of satellites, probes and planets for 3D printing and animation projects