Mobile applications are now designed, developed and used at scale on every major platform, including Android, iOS and Windows. With millions of apps on the market, incidents in which a mobile app vulnerability is exploited are increasing too, and with them the need to invest in security. Last year alone, flaws were found in the mobile apps of big names including Starbucks, Snapchat and Ola Cabs.
It is high time to make people aware of mobile app threats and more willing to invest in mobile security. Keeping a check on known vulnerabilities is essential in order to determine which risks a given mobile app actually carries. The major mobile app risks in the industry today fall into two groups: malicious functionality in the app itself, and weaknesses in how sensitive data such as passwords and other important information is protected.
Let us discuss some of the incidents from the past year that show how mobile app vulnerabilities are being exploited. Many people take advantage of such flaws in mobile apps for their own benefit, and the list of affected apps includes big names like Starbucks, Snapchat and Ola Cabs.
In January 2014 it was discovered that data entered by users into the Starbucks app was being stored unencrypted on the device. This opened up the possibility of an attacker retrieving the data through interception or targeted attacks. The data included usernames and passwords, and it also let an attacker build up a picture of the user's movements, routine and likes and dislikes: anyone who connected the phone to a computer and read the app's storage could see, for example, whether the user prefers hazelnut syrup or cinnamon sprinkles. Once the flaw was reported, Starbucks fixed the issue. The practical lesson is that credentials and personal data at rest on a device belong in the platform's protected storage or must be encrypted with a key that is not stored alongside them; physical access to the phone, or to a backup of it, is enough to read anything left in plaintext.
It was also discovered that Snapchat was partially exposing its users' phone numbers. The phone numbers of a majority of Snapchat users were found published on a site with only the last two digits censored. The Snapchat data was likely also downloaded by less rigorous attackers for use in phishing and social engineering scams; a nearly complete phone number paired with a username is enough to make a phishing message look credible.
FoodPanda also became a target of people looking for free food. Students from IIT Hyderabad found a bug that allowed users to get orders delivered without actually making the payment. Bugs of this kind arise when the server trusts the client's claim that a payment succeeded instead of confirming it with the payment provider before fulfilling the order.
A hacking fraud was also uncovered against more than 100 banks worldwide. The attackers gained access to the banks' networks using phishing schemes, then programmed ATMs to dispense cash at specific times or transferred money to fake accounts without raising suspicion.
Another entry on the list is the Ola Cabs mobile app. Security reports rated the version available for download as 42.86% insecure, and many bugs were reported during an in-depth analysis. The analysis revealed issues related to cryptographic keys, insufficient transport layer protection and a faulty SSL certificate verifier, among others. On the cryptographic side, the app was found to use AES/ECB/PKCS5Padding, which is not considered strong: ECB mode encrypts each 16-byte block independently with the same key and no IV, so identical plaintext blocks produce identical ciphertext blocks and the same credentials always encrypt to the same bytes, which leaks the structure of the data. Usernames and passwords were encrypted with AES in this mode and then Base64-encoded, but Base64 is an encoding, not a protection, and any key the app itself holds can be recovered by anyone who unpacks the app. A broken certificate verifier compounds this: if the app accepts any certificate, an attacker on the same network can intercept the traffic regardless of how the payload is encrypted.
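To make the ECB weakness concrete, here is an added example written for this article in Go; it is not the Ola Cabs app's code and not taken from the security report. It reproduces an AES/ECB/PKCS5Padding credential token, shows that equal plaintext blocks come out as equal ciphertext blocks and that the same input always gives the same token, and places an AES-GCM version beside it for contrast. The key `hardcodedKey` and the credential blob `creds` are constructed for the demonstration, standing in for whatever key and data an app ships; only Go's standard crypto packages are used.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Constructed key standing in for one shipped inside an app binary; anyone who unpacks the app can read it.
var hardcodedKey = []byte("0123456789abcdef") // 16 bytes, AES-128

// pkcs5Pad and pkcs5Unpad are the "PKCS5Padding" part of AES/ECB/PKCS5Padding.
func pkcs5Pad(data []byte) []byte {
	n := aes.BlockSize - len(data)%aes.BlockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs5Unpad(data []byte) ([]byte, error) {
	n := int(data[len(data)-1]) // ecb has already rejected empty or misaligned input
	if n == 0 || n > aes.BlockSize || n > len(data) || !bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return data[:len(data)-n], nil
}

// ecb applies the raw block cipher to each 16-byte block on its own: no IV, no chaining,
// so equal input blocks always give equal output blocks.
func ecb(key, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("input not block-aligned")
	}
	op := block.Encrypt
	if decrypt {
		op = block.Decrypt
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		op(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
	}
	return out, nil
}

// encryptECB and decryptECB reproduce the weak AES/ECB/PKCS5Padding scheme.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	return ecb(key, pkcs5Pad(plaintext), false)
}

func decryptECB(key, ciphertext []byte) ([]byte, error) {
	padded, err := ecb(key, ciphertext, true)
	if err != nil {
		return nil, err
	}
	return pkcs5Unpad(padded)
}

// repeatedBlocks counts 16-byte ciphertext blocks that duplicate an earlier one;
// anything above zero means the ciphertext is leaking plaintext structure.
func repeatedBlocks(ct []byte) int {
	seen, dup := map[string]bool{}, 0
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		b := string(ct[i : i+aes.BlockSize])
		if seen[b] {
			dup++
		}
		seen[b] = true
	}
	return dup
}

// encryptGCM is the corrected form: AES-GCM with a fresh random nonce per message, so equal
// inputs never encrypt alike and tampering is caught by the tag when gcm.Open is later called
// with the stored nonce. Output layout: nonce || ciphertext || tag.
func encryptGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func main() {
	creds := []byte("passwordpasswordpasswordpassword") // constructed: two equal 16-byte blocks
	ecbOut, _ := encryptECB(hardcodedKey, creds)
	gcmOut, _ := encryptGCM(hardcodedKey, creds)
	fmt.Println("ECB token (Base64 is encoding, not protection):", base64.StdEncoding.EncodeToString(ecbOut))
	fmt.Println("repeated blocks, ECB:", repeatedBlocks(ecbOut), "GCM:", repeatedBlocks(gcmOut))
}
```

Running it prints an ECB token whose first two 16-byte blocks are byte-for-byte identical, and that token never changes between runs, so a captured token can be compared against others or replayed without ever being decrypted; the GCM output is different on every run and carries an authentication tag. The hard-coded key also means `decryptECB` recovers the credentials for anyone holding the app package, which is why client-side encryption with an embedded key adds little over storing the data in plaintext.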
The number of mobile devices has grown tremendously, and that makes the mobile app ecosystem an attractive place for attackers. Invest in security early, while the app is being designed, so that you build a more secure app rather than patching it after an incident. So take steps to invest in security and stay safe!