Your highlights from the mobile app security world this week include:
- A decade in, a look back at how App Store changed the game
- IBM & Ponemon Institute release the 2018 Cost of a Data Breach Study: Global Overview
- Texas A&M researchers find web API hijacking risks within mobile apps
- Highly targeted campaign using corrupt open source MDM discovered in India
- Test run of new iOS 12 Screen Time feature produces positive results
- iOS 11.4.1 is out and includes bug fixes and security improvements
- Vendor vulnerability disclosure process under Senate scrutiny after Spectre and Meltdown stumbles
- And More!
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“Ironically, Steve Jobs was firmly against the idea of iPhones running third-party software — as Walter Isaacson wrote in his acclaimed Jobs biography, the Apple co-founder ‘didn’t want outsiders to create applications for the iPhone that could mess it up, infect it with viruses or pollute its integrity.’ ”
Steve Jobs’ initial concern about allowing third-party software into the iPhone ecosystem was prudent, even if end-user demands made it unrealistic. As we celebrate a decade of the App Store this week, click here for data regarding what types of mobile app risks and vulnerabilities NowSecure still finds most frequently.
“In social engineering attacks the victim is tricked into clicking accept or giving the attacker physical access to a device. This campaign is of note since the malware goes to great lengths to replace specific mobile apps for data interception. Talos has worked closely with Apple on countering this threat. Apple had already actioned 3 certificates associated with this actor when Talos reached out, and quickly moved to action the two others once Talos tied them to the threat.”
“The research also found that the efficiency in identifying an incident and the speed of the response has a huge impact on its overall cost. On average, it took companies 197 days to identify a data breach and 69 days to contain it.”
The study found that organizations that had deployed automated security solutions saved, on average, $1.55 million per breach compared with those that had not. NowSecure experts work with organizations at every phase of the mobile appsec journey, from jumpstarting a new program to improving an existing one. You can download the full 2018 Cost of a Data Breach Study, sponsored by IBM and conducted by Ponemon Institute, here.
Apple releases iOS 11.4.1 with USB Restricted Mode
“Today, Apple released iOS 11.4.1 for iPhones and iPads—a small update that fixes a couple bugs and introduces a new security feature. This is the fifteenth update since iOS 11 released last September. It’s available to the same devices as iOS 11.4—the iPhone 5S and later, the iPad Air and later, the iPad mini 2 and later, and 2015 iPod touch.”
“Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready.”
“Gu and his team analyzed 10,000 mobile apps and found that many of them are open to web API hijacking—something that potentially affects the privacy and security of tens of millions of business users and consumers globally.”
Check out the SUCCESS Lab to learn more about the Texas A&M team’s research and publications.
I Used Apple’s New Controls to Limit a Teenager’s iPhone Time (and It Worked!)
(The New York Times)
“Over the last three weeks, I studied Sophie’s phone use patterns along with mine. After determining the apps that we spent extraordinary amounts of time on — Sophie spent hours each day chatting with friends on Snapchat, and I wasted too much of my life reading Twitter — I placed a few time limits on each of us.”