This week’s top mobile security news that matters includes:
- A new PCI Security standard
- Lonely hearts left vulnerable to eavesdropping
- iOS update gives control over the iPhone slowdown back to the consumer
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
PCI Security Standards Council Eyes PINs
“According to the PCI Security Standards Council, key security requirements in the standard include actively monitoring the service, isolating the PIN from other account data, ensuring the software security of the PIN app and protecting the PIN and account data.”
“Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts.”
Two of the three leaky apps revealed in this article expose user information due to the use of a third-party library. A recent study of mobile apps on the app stores revealed that while it is common to use third-party libraries, not all of them are safe to use. It’s important to know if common apps use unsafe third-party libraries, since these could easily weaken the security posture of the apps and reveal sensitive user information. To see if your business is exposed to risk, request a free report for one mobile app on the Apple App Store or Google Play.
“Tim Cook is making good on a promise to let users opt out of Apple slowing down their iPhones.”
Announcing turndown of the deprecated Google Safe Browsing APIs
(Google Online Security Blog)
“Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must transition to the v4 API prior to this date.”
“A lack of security protections in Tinder’s mobile app is leaving lonely hearts vulnerable to eavesdropping.”
This isn’t the first time that Tinder’s mobile apps have been vulnerable. Back in 2016, hackers could tamper with the app to circumvent payment for a premium account, threatening the revenue stream for the apps. Now, researchers have found that the iOS and Android apps lack a standard HTTPS-everywhere approach, so photos, swipes, and matches are exposed.
A recent study of mobile apps on the app store revealed that 48% have issues with protecting data in transit. More popular apps have issues with data at rest or are at risk for tampering. Check out the study to find more stats on the security posture of mobile apps in the app stores.
“In a new survey released by JP Morgan Chase & Co., more than 61 percent of 400 responding traders say they’re “somewhat” or “extremely” likely to use a mobile trading app in 2018.”
“We first learned of this issue by way of a video posted on Twitter, which showed a Prime Exclusive G5 Plus being unlocked without the owner’s fingerprint being registered after a lockscreen ad was opened.”
“Google Play Apps and others could steal money and data from victims. App stores are hosting blacklisted Bitcoin apps which leave users open to hacks.”
French city rolls out app for reporting crime
(The Straits Times)
“It could be the future of public security. A new mobile phone app, Reporty, is being tested in the French Riviera city of Nice.”
“Let’s get back to the future – you’re the heir of a family convenience store in the 80s.”