Black Hat 2015: 5 Takeaways on Mobile App Security

Apple Security Model

Apple has nailed the security model for mobile apps so far.

The differences in attack surfaces between Android and Apple are eminently clear. During his first day of boot camp at Black Hat, McCarthy was among a group of attendees who were tasked with hacking into various apps using tried-and-true methods and tools once reserved only for the "Black Hat" hackers. Where Android works in the open-source arena, allowing an abundance of hacking tools and processes to proliferate, Apple's walled garden approach to app development and distribution makes it really difficult to crack into an iOS device. Apple controls the development tools, the hardware, the OS, the patching and upgrade process, the app review and approval process, and the distribution channel.

While it can be a cumbersome process for developers to follow, this closed ecosystem makes it extremely difficult to construct any kind of mobile-targeted attack at scale. Essentially, without possessing the physical device and jailbreaking it to expose some degree of access, the level of difficulty to do anything malicious to an Apple device makes it an unlikely target for most hackers.

There was a wide spectrum of experts – from hackers to security communities – at the annual Black Hat conference in Las Vegas, which concluded last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops, led by the premier minds in the field.

While Apple's and Android's models are working fairly well for the user communities they are targeting, it's clear that there continue to be significant vulnerabilities in enterprise mobile app development. Developing secure mobile apps that protect companies from external threats and ensure that data privacy, security and regulatory demands are met is not an easy task.

The plane of vulnerability across corporate data extends significantly as soon as you include mobile in your portfolio. One of the most critical threats to enterprises comes from within – the mishandling and misappropriation of sensitive corporate data by employees. While Apple and Android continue to provide valuable tools and processes to help with security, it is ultimately up to the designers and developers of the apps and supporting infrastructure to understand, appreciate and code to the security and compliance standards set forth by the community at large.

In this slideshow, Robert McCarthy, technical advisor at Mobiquity, outlines five takeaways from this year's Black Hat 2015, particularly focusing on the differences between Apple's and Android's security models – and how you should address them.

 
