Happy New Year! We hope 2019 is your best year yet.
Curious what’s in store for mobile appsec and DevSecOps in the future? If so, you’ll want to register for our upcoming January 23 webinar, “Mobile App Security Predictions 2019,” where NowSecure executives and experts will highlight the trends and threats they feel will most affect the mobile appsec landscape this year.
Here are just a few predictions from NowSecure staff to start your new year. What are your predictions for mobile app security throughout 2019? We’d love to hear from you and share those during our webinar later this month.
Your highlights for the week are as follows:
- Android apps transmit personal data to Facebook
- Automation will improve application security
- New USB-C authentication enforces charger and cable compliance
- Twitter flaw leaves accounts susceptible to SMS attack
- IoT vulnerability enables hackers to control hot tubs
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“Privacy International tested 34 popular Android apps and found that two-thirds send data to Facebook as soon as they are launched. It makes no difference if people are logged out of Facebook, or don’t have an account.”
Also this week, the Wall Street Journal found that a popular weather app requests an unusual amount of data, including International Mobile Equipment Identity (IMEI) numbers, location, and email addresses. The app allegedly subscribed users of budget smartphones to paid services without permission. These recent threats to privacy emphasize the need for corporations to thoroughly vet the mobile apps their employees install on any mobile device used for business. Get a free security report for the Android or iOS app of your choice today.
Automation to take center stage in application security
ComputerWorld Hong Kong
“27% of global developers release new code monthly or faster, while 35% of them build multiple times per day or during check-in. This means that any kind of manual intervention to determine security quality will be frustrating for developers and will either cause them to skirt or refuse security scanning altogether.”
Gain advice about adopting a phased approach to DevSecOps for mobile apps in this ebook and learn how the NowSecure solution bakes security into the CI/CD pipeline with automated mobile appsec testing.
“Several security experts have warned that a bad actor with a malicious version of the standard power adapter or charge cable could easily damage your computer or another USB-C device, even deliver malware to it in just a few seconds. A new USB-C Authentication certification introduced today by the USB Implementers Forum (USB-IF) seeks to put an end to that.”
Twitter is Broken
The AntiSocial Engineer
“If a criminal wanted to post scams on Twitter they would just have to spoof your phone number and send a message to Twitter. There is no complicated hack. It’s just broken.”
“A fix is coming later this year for tubs running a system made by Balboa Water Group after hackers discovered they could hijack the system and take control of the pumps and lights in the hot tubs.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.