In the course of performing Android application security testing, I suspected that a library called libpac might be vulnerable to exploitation. This vulnerability has been assigned CVE-2019-2205. Google deployed a fix and we recommend all users apply it to secure their devices against exploitation.
While corporations widely recognize the convenience and productivity enhancements that mobile applications deliver to their customers and employees, too few realize that mobile apps can also present significant security and privacy risks. It’s not difficult to find examples of mobile app data breaches that resulted in severe consequences, both in terms of money and corporate reputation. Given that smartphone apps account for 63% of total digital minutes, according to the Comscore “2019 Global State of Mobile” report, it stands to reason that attackers are going where the traffic is.
To improve the guest experience and keep pace with competition, hotels worldwide are deploying digital key technology that allows guests to skip the front desk and use their mobile apps to remotely check in and go directly into their rooms without needing key cards. However, hotel mobile apps have vulnerabilities that can be exploited, as researchers demonstrated at the Black Hat USA 2019 conference.
Managers can find guidance for mobile app security verification and testing requirements from the OWASP Mobile Security Verification Standard (MASVS). We recommend using MASVS as a starting point for developing a plan of attack and standardizing testing using the Mobile AppSec Model.
The NowSecure team is gearing up for an incredible week at Black Hat USA 2019 in Las Vegas. We’re excited to join the 22nd annual top security event to connect on all things mobile app security research, development, tools and trends.
To help you build your agenda and make the most of your time at the conference, we’ve selected several key Black Hat briefings that focus on mobile device security, enterprise mobile appsec, DevSecOps and reverse engineering. We look forward to connecting many of you with our mobile application security experts at the conference through prebooked meetings and visits to Booth #674.
While some organizations and executives may not be fully aware of all the threats to their mobile applications, the risks are real and growing. Vulnerabilities arise from code flaws, encryption errors, unsecured data transmission or data exposure. Looking back at the top five mobile breaches that have occurred over the past year helps drive home the importance of mobile application security.