Black Hat 2015: 5 Takeaways on Mobile App Security


Mobile App Insecurity - Fail

For all of the hype, true mobile app insecurity fails to deliver.

Because mobile devices are so ingrained in the lives of almost everyone with access to news and the Internet, every new exploit on mobile generates its own hype cycle, complete with the "fear, uncertainty and dread" that this exploit will be the one that buries one vendor or another. The truth is, while there continue to be definite and identifiable vulnerabilities in mobile apps and operating systems, the level of fright surrounding a new vulnerability release consistently overshoots the actual impact the vulnerability has on the real world. Vulnerabilities are all over the place, but actual mobile breaches of any magnitude continue to be rare.

There was a lot of buzz at Black Hat surrounding the latest exploit to Android by the name of "StageFright," a bug within the executing code of the Android operating system distributed to over 95 percent of its user base. However, during the presentation by StageFright's discoverer, Joshua Drake, Zimperium's vice president of platform research and exploitation, it was clear that Android's cooperation and rapid response to the vulnerability proved out the OS's model of shared security and community involvement. While the headlines scream '950,000,000 devices affected,' the fact is that there have been, to date, exactly zero known real-world exploits using this technique.

There was a wide spectrum of experts – from hackers to security communities – at the annual Black Hat conference in Las Vegas, which concluded last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops, led by the premier minds in the field.

While Apple and Android's models are working fairly well for the user communities they are targeting, it's clear that there continue to be significant vulnerabilities in enterprise mobile app development. Developing secure mobile apps that protect companies from external threats and ensure that data privacy, security and regulatory demands are met is not an easy task.

The plane of vulnerability across corporate data extends significantly as soon as you include mobile in your portfolio. One of the most critical threats to enterprises comes from within – the mishandling and misappropriation of sensitive corporate data by employees. While Apple and Android continue to provide valuable tools and processes to help with security, it is ultimately up to the designers and developers of the apps and supporting infrastructure to understand, appreciate and code to the security and compliance standards set forth by the community at large.

In this slideshow, Robert McCarthy, technical advisor at Mobiquity, outlines five takeaways from Black Hat 2015, particularly focusing on the differences in Apple and Android's security models – and how you should address them.

 
