Mocana's Weekly News Roundup, Ed 17
To summarize many of these articles, there is a "lack of priority in mobile security." (see first article below)
As mobile devices become more integrated into our daily lives, it is essential we address the problems that lack of proper security poses to our personal and professional lives.
Both Apple and Android well as many apps that run on those platforms have proven security risks and flaws.
While progress is being made daily on improving security, news from the week clearly shows that we still have a very long way to go.
To read more on these topics, check out our links for the Roundup below:
Clearly, there are many obstacles to application security that range across a wide array of topics. Some examples include not only ensuring everything is up to date, but "the cost of maintaining standards and third-party verification." This article sums up a main problem; that there is a "lack of priority in mobile security."
Research done by the Massachusetts Institute of Technology (MIT), Harvard and Carnegie-Mellon have shown that mobile apps are "regularly leaking information to third parties." In fact, this is found on popular apps, and 73% of Android apps have shared personal information. However, Apples phones aren't immune, as 47% of apps are shown to "share location data."
Mobile app security vendors Checkmarx and AppSec Labs have shown that "the average mobile app has nine vulnerabilities." The most common, which encompassed 27% of the vulnerabilities discovered, "was leakage of personal or sensitive information." While the focus isn't on app-based threat vectors, we have seen the movement to PC, and it can cause big problems in the future.
Smartphones have literally revolutionized the way we live--and "all of this has happened in less than ten years." To keep up with this, "the technology itself must be made smarter and more secure." This article outlines some of the many issues that pervade smartphones today, and what we can do to improve their infrastructure and security.
Federal agencies are trying to find apps that are safe for government use, and will drive productivity while being secure. The conference mentioned outlines the collaboration with the Cyber Security Division to "continuously catalog and review mobile applications to identify suitable apps." Although research is underway, there's clear pressure to develop apps quicker with the expectation of them being secure.
Many apps on the Google Play Store can be "easily reverse-engineered, and then re-packaged with malicious functionality." Security problems emerge in the differences between encrypting the source code of all apps--while Apple does this automatically, Google leaves this up to the developers to decide. See which apps are the easiest to hack so you can stay informed.
We value your input as a reader; let us know your thoughts in the comments here or tweet us @mocana.