Software Integrity Blog

Archive for the 'Mobile Application Security' Category

 

Top 6 technology trends that will affect software security in 2016

Since technology is intertwined into every aspect of most people’s lives around the world, the overall attack surface increases tremendously year over year. With this continually increased risk, we should place increased importance on software security. So as 2015 comes to an end, we’d like to predict what will define 2016 in terms of the […]

Posted in Cloud Security, Internet of Things, Mobile Application Security, Security Training, Software Security Initiative (SSI)

 

Jailbird: A cautionary tale of mobile application security awareness

For all the technology and solutions out there, the number one protection against cybercrime is still user awareness and the ability to understand when you are at risk—even as a consumer. Our greatest exposure is when we use our smart phones. These devices carry not only all our favorite photos and music playlists, but also […]

Posted in Mobile Application Security

 

Using the SafetyNet API

The SafetyNet attestation API is a Google Play Services API that any developer can use in order to gain a degree of assurance that the device their application is running on is “CTS compatible.” CTS stands for Compatibility Test Suite, which is a suite of tests a device must pass, prior to release, to be […]

Posted in Mobile Application Security

 

Developers targeted in Apple’s iOS malware attack

Apple is currently taking measures to eradicate hundreds (potentially thousands) of malicious apps recently discovered in the iOS App Store. It has come to light that hackers distributed a modified version of Apple’s developer toolkit, Xcode, which embedded malware known as XcodeGhost into iOS apps as they were being compiled. While developers know they shouldn’t […]

Posted in Mobile Application Security, Software Security Initiative (SSI)

 

Integrating Touch ID into your iOS applications

What is Touch ID? Touch ID is Apple’s fingerprint technology for iOS mobile devices. It allows consumers to unlock their phones and make purchases conveniently using their fingerprint(s). As of iOS version 8.0, Apple opened up Touch ID to developers by making APIs available for use in the SDK. Biometric opinions This post assumes you […]

Posted in Mobile Application Security

 

Samsung SwiftKey: The latest AppSec vulnerability highlights

The Samsung smartphone SwiftKey security slip-up grabbed headlines in mid-June when it was discovered that 600 million Samsung smartphones were vulnerable to remote code execution (RCE) attacks. Synopsys security experts were all over the issue, providing analysis of the problem and guidance to help organizations avoid the same common software design flaws. Jim DelGrosso explained […]

Posted in Mobile Application Security, Software Architecture and Design

 

Cloud storage security storm: When it rains, it pours

This week was particularly newsworthy regarding mobile [in]security. Three different cloud storage vulnerabilities affecting users and platforms in various ways were announced. We had Samsung’s SwiftKey keyboard, which was not a single problem but a chain of failures. We also heard from researchers from Indiana University, Peking University, and the Georgia Institute of Technology about […]

Posted in Cloud Security, Mobile Application Security

 

Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability

The Samsung Galaxy phone hack was not caused by “one bug.” It was due to a chain of several failures, which makes it difficult to say who is at fault and how the Samsung hack could have been avoided. Don’t jump to conclusions! How did the Samsung Galaxy get hacked? Issue 1: Samsung uses a […]

Posted in Mobile Application Security, Software Architecture and Design

 

How to overcome the hurdles to mobile application security

Mobile apps are juicy targets for hackers. Consider the rich data that is captured by a mobile device, including call logs, SMS messages and location information. Then, consider the rapidly evolving mobile platforms and frameworks that are new to many development organizations. It is no surprise that many mobile applications contain serious security vulnerabilities. If […]

Posted in Mobile Application Security, Software Architecture and Design, Web Application Security

 

What is MEMSCAN and how to use it

What is MEMSCAN? A Synopsys consultant, Grant Douglas, recently created a utility called MEMSCAN which enables users to dump the memory contents of a given iPhone app. Dumping the memory contents of a process proves to be a useful technique in identifying keys and credentials in memory. Using the utility, users are able to recover […]

Posted in Mobile Application Security, Software Architecture and Design