In honor of National Cybersecurity Awareness Month, we’d like to highlight yet another risk to mobile security: that of the global IT security skills shortage. As many as 3.5 million cybersecurity jobs may go unfilled by 2021, according to Cybersecurity Ventures.
To conquer the skills shortage, companies should consider new pools of talent and technological innovations to fill vital cybersecurity gaps. Options include seeking out veterans, women, broadening the scope, developing internally and automating security functions. You can find our detailed tips here.
Your highlights from the week are as follows:
- WhatsApp fixes Android and iOS video call exploit
- Google limits developer access to SMS and call log APIs
- Employers can take these steps to guard against mobile phishing
- Try these top security apps for locking down your Android device
- Which smartphone is more secure — Apple or Android?
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“WhatsApp developers have fixed a bug in the Android and iOS versions of the WhatsApp mobile app that allowed hackers to take over the application when users answered an incoming video call.”
The What’sApp vulnerability was triggered when the app received a malformed Real-time Transport Protocol packet that triggered a corruption error. Unfortunately our data shows that the vast majority of mobile apps have security issues. DevOps and security teams need better tools to build safe mobile apps and assess their security. Learn more about our automated mobile appsec testing.
“The biggest developer-facing change is likely to be the SMS and call log API access restrictions, paired with the planned death of portions of the Contacts Provider API, which goes into effect this coming January 7th. In short, some Call Log and SMS data can only be accessed by apps set as “default” for those actions — though there are exceptions like backup or voicemail apps.”
“With banking details, phone numbers and email addresses all commonly stored on them, a successful attack on an employee’s smartphone could have devastating consequences, both for that individual and for your organisation. This threat is even more daunting considering that the click rate for suspicious URLs on mobile has increased 85% year-over-year since 2011.”
Best apps for securing Android and managing privacy settings
“Our picks to secure your mobile devices include tools for encrypting your Internet traffic, guarding your online privacy, ensuring no one can snoop on your text messages or video calls, and managing your passwords. Think of these apps as your Android Internet privacy starter kit.”
“Because Android prides itself on being open-source to a degree, their Play store is much easier to get apps added to and this has resulted in malicious apps slipping past security screenings. Contrary to Android’s Play store, the app store for iPhones is much more restrictive, requiring in-depth security scanning of all applications before distribution.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.