Software Integrity Blog

Archive for the 'Mobile Application Security' Category

 

Top 10 software vulnerability list for 2019

The common software vulnerabilities on our top 10 software vulnerability list for 2019 are easy to find and fix with the right AppSec tools and guidance.

Posted in Mobile Application Security, Web Application Security

 

Fixing the CVE program, your personal data checking out and taking flight

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Fixing the CVE program, your personal data has already “checked out,” and it even “may potentially” have taken flight. Watch this week’s episode below to see why these stories are trending or read the transcript below.

Posted in General, Mobile Application Security

 

Golden Cup was a world cup of trouble

Nobody with any connection to, or interest in, the FIFA World Cup can say they weren’t warned.

Posted in General, Mobile Application Security

 

Are Android OEMs responsible for the gap in mobile security updates?

Google started releasing monthly security updates for Android back in August 2015. Modern Android devices show you the latest monthly patch level that has been applied. The responsibility for deploying the patches ultimately falls on original equipment manufacturers (OEMs) and carriers, who need to test the security updates on their devices to ensure that they do not break any functionality. Google does provide updates for its Nexus and Pixel devices directly to end users, but given how Android is designed, Google cannot simply push out arbitrary security updates to all Android devices.

Do OEMs have to push out updates?

The problem is that OEMs and carriers are responsible not only for pushing out the updates but also for displaying the latest month for which Google’s monthly updates have been applied to a device. There may be legitimate reasons why an OEM or carrier may choose not to push out a security update for a particular type of device. For example:

Posted in Mobile Application Security

 

Apps security the top challenge for customer-facing mobile and web applications research shows

A new Synopsys survey reveals that customer-facing web and mobile applications are the top security challenge for IT professionals in Asia.

Posted in Mobile Application Security, Web Application Security

 

Demystifying Android’s SafetyNet Attestation at Black Hat Europe 2017

Many app developers have questions like “Is the device my app runs on reliable? Is it trustworthy? Could it be ‘rooted’?”

Posted in General, Mobile Application Security

 

iPhone X Face ID: Evaluating the security of biometric systems

Several frameworks have been proposed to evaluate the security of biometric systems. Popular ones include the simpler Ratha’s framework [1] and the enhanced Bartlow and Cukic framework [2].

Posted in Mobile Application Security

 

How secure is iPhone X Face ID facial recognition?

Written in coordination with Grant Douglas

Posted in Mobile Application Security, Software Architecture and Design

 

3 tips to ramp up your mobile application security

Modern mobile device users often have their devices tightly integrated into daily life. From banking apps to social media feeds, these applications are high-visibility targets for hackers and thieves looking to exploit weaknesses or hijack vulnerabilities. By ramping up mobile app security, vendors ensure the safety and security of their users and their infrastructure.

Recent mobile attacks and vulnerabilities

The latest high-profile mobile threat is the Broadpwn attack. This threat targets the Broadcom chipset used in many popular mobile devices. Broadpwn takes advantage of low-level communications combined with flaws in the Android platform, allowing a malicious payload to travel from one phone to the next virtually undetected. Fuzz testing tools are an ideal method of detecting this type of flaw.

Posted in Mobile Application Security

 

Automotive security goes beyond the car

There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes, for instance lacking proper authentication of users and commands, which potentially puts the end user at risk of both physical harm and data loss.

Posted in Automotive Security, Mobile Application Security