Software Integrity Blog

Archive for the 'Mobile Application Security' Category

 

Researchers hijack automotive mobile apps

Last month, researchers demonstrated how a mobile app for Tesla, or any other connected car, can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle.

Posted in Automotive Security, Mobile Application Security

 

Here are the top 10 best practices for securing Android apps

Smartphone, tablet, and other hand-held device sales have skyrocketed in recent years. It’s now critical for businesses to provide a mobile option or experience to customers. Additionally, many companies are even created for the sole purpose of making services and entertainment available at their customers’ fingertips—literally.

Posted in Mobile Application Security, Security Training

 

Stealing authentication tokens from locked machines with a mobile phone

Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason for this is that the operating system automatically loads device drivers if it has access to them. This is true even when a machine is locked. In the case of locked machines, USB Ethernet adapter drivers ship with every major operating system (e.g., Windows, Mac OS X, Linux).

Posted in Mobile Application Security

 

Brace yourselves: Application transport security is coming

HTTP is a plaintext protocol. As such, it creates inherent security and privacy concerns when used by applications. Apple, for instance, has (finally) decided to start treating the secure alternative, HTTPS, as the de facto Web protocol for iOS mobile apps. At WWDC16, Apple pointed out that enabling HTTPS doesn’t necessarily mean that you’re secure. There are many ways in which HTTPS can be improperly configured, resulting in the use of insecure connections.

Posted in Mobile Application Security

 

Dangerous iOS flaws patched in emergency update

iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday.

Posted in Mobile Application Security

 

1.4 billion Android devices vulnerable to hijack attacks

Roughly 80 percent of all Android devices contain a Linux vulnerability that affects unencrypted communications and allows attackers to hijack data.

Posted in Mobile Application Security, Open Source Security

 

Up to 900 million Android phones vulnerable to Qualcomm flaw

Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones.

Posted in Mobile Application Security

 

iOS Pokemon GO has full access to your Google account (for now)

The developers of Pokemon GO, perhaps the number one game app in the world right now, admit their app has too much Google access on iOS devices.

Posted in Mobile Application Security, Software Architecture and Design

 

Android full-disk encryption flaw may have been previously known to Google

A vulnerability in the full-disk encryption of Qualcomm-based Android smartphones may have been disclosed to Google more than one year prior to the patch issued last May.

Posted in Mobile Application Security, Software Architecture and Design

 

The timeless truth of software security fundamentals

More than a decade’s worth of good deeds were recently memorialized with Microsoft’s announcement that Michael Howard and Steve Lipner’s book The Security Development Lifecycle (PDF) is now available for free online. What a great contribution by Michael, Steve, and Microsoft to the community; and cheers to the continued growth of software and application security as a discipline!

Posted in Internet of Things, Mobile Application Security