This will be the last installment of #MobSec5 for 2016. You’ll hear from us again the first week of 2017. In the meantime, we encourage you to follow us on Twitter at @NowSecureMobile where we’ll share relevant mobile security news items.
Your “baker’s dozen” of mobile security news items this week includes:
- Medical mobile app compromised
- The largest data breach ever
- Apple releases iOS 10.2, which includes a number of security updates
Thanks for reading. Happy New Year, be good, and stay safe.
“Hackers breached the Quest Diagnostics mobile health app MyQuest by Care360 and stole electronic medical records for thousands of customers.”
An insecure mobile app allowed an unauthorized third party to access the names, dates of birth, lab results, and (in some cases) phone numbers of 34,000 Quest Diagnostics customers last month. The company states that Social Security and payment card numbers were not exposed. Even so, the compromised information falls under the definition of protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA). NowSecure CEO Andrew Hoog reviewed the key laws, rules, and regulations that cover mobile devices, apps, and data on slide six of his “Compliance in the mobile enterprise: Five tips to prepare for your next audit” webinar.
“Apple today released iOS 10.2 to the public, marking the launch of the second major update to the iOS 10 operating system since it launched.”
Details about the vulnerabilities patched with iOS 10.2 are available on Apple’s website.
“In September, Yahoo had the unfortunate distinction of disclosing an enormous 500 million-account breach. Tough stuff. Somehow, though, the company seems to have topped even that staggering figure.”
Yahoo reportedly resisted implementing stronger security controls for fear that irritating users would decrease utilization. Now at risk of a valuation haircut in their acquisition by Verizon due to data breaches (one of which is cited as the largest ever), it seems Yahoo chose poorly. User experience and security are intrinsically linked — a good user experience IS a secure one. Customer experience and security work together to deliver brand equity.
“For their part, if CMOs and marketers want to ride on the wave of mobile commerce growth while protecting brand reputation, they should own the challenge and work closely with engineers and developers to drive a more reliable, seamless consumer experience on mobile.”
The compromise of at least one billion Yahoo accounts resulted in shares falling six percent and Verizon questioning its willingness to pay $4.8 billion for Yahoo’s core internet business – concrete evidence of brand damage. As this article explains, mobile security risk is more than an IT issue. It’s a threat to the entire business. Executives, from CMOs to digital leaders broadly, have a professional and ethical responsibility to deliver secure customer experiences.
“A group of computer scientists at the National Institute of Standards and Technology (NIST) has been working for more than 15 years on an impossible task: to maintain an up-to-date archive of the world’s software.”
“Rising demand will allow insurance firms to raise prices between 5% and 10% in 2017, with larger increases for retailers and health-care companies.”
“Google Brillo gets a new name, a developer preview, and a source code drop.”
Citi App users get more biometric authentication options
“The update allows users to log in by using biometric authentication, including fingerprint, voice, and facial recognition. This should help alleviate the kinds of security concerns that can hinder adoption of mobile banking apps.”
“XCTest framework is one of those frameworks that enables its users to write basic unit, performance and some level of UI tests for iOS apps. And as always, frameworks that couple tightly with their development tool and environment have some pros and cons that users should be aware of.”
“For us, we view our software as being a very important asset for us. And also for consumers who are purchasing the game, we want to make sure that we’re able to offer it to them in a way that the software is secure, and that they’re able to play it in a stable environment.”
“Cybersecurity requirements for presidential smartphones could limit Trump’s use of an app like Twitter, but President Trump also could ignore any recommendations that inhibit his use of social media.”
The Perfect Weapon: How Russian Cyberpower Invaded the U.S.
(The New York Times)
“A Times investigation reveals missed signals, slow responses and a continuing underestimation of the seriousness of a campaign to disrupt the 2016 presidential election.”
More Than 200 Mobile Websites And Apps Leaked Personally Identifiable Information
(Information Security Buzz)
“The findings, available in the 2017 Mobile Leak Report, reveal more than 200 mobile websites and apps that were exposing sensitive consumer and enterprise information over the past year.”