Mobile Security

Read about the latest news and trends in the Mobile AppSec arena, where we follow the direction of mobile cybercrime, where the state of mobile security is today, and where we're headed tomorrow.

Gaping Security Flaw in WhatsApp on Android Let Other Apps Steal Your Messages

Mar 13, 2014 By Sarah Vonnegut | If you’re using WhatsApp on Android – even after yesterday’s update – your chats are prone to being downloaded by others, a security consultant has discovered. Bas Bosschert, CTO and consultant at Double Think, along with his brother, discovered this exploit after wondering if it would be possible to upload and read someone’s WhatsApp chats from another app. With a proof of concept on his blog, he proved it was easily possible.


Mobile Friday: WhatsApp Alternatives Not Really Safe

Mar 07, 2014 By Sharon Solomon | WhatsApp now belongs to Facebook and the acquisition has raised some serious concerns regarding the privacy of the app’s users. Facebook is not really commenting on the issue, causing more and more people to look at alternate solutions. Unfortunately, the alternatives are not really secure. Compatible with Android, iOS, Windows Mobile, Blackberry and even the outdated Symbian, WhatsApp has over 450 million active users. It’s estimated that more than a million people download the app and start using the chat client every day.


Mobile Friday: iOS Apps Riskier Than Android Ones

Feb 28, 2014 By Sharon Solomon | The mobile app markets are booming. More and more developers are shifting their focus towards smartphone and tablet software. Despite the common belief that Apple has the safest mobile platform, in-depth research by Appthority has shown that iOS apps are more vulnerable than Android ones. Appthority is a leading application security analysis provider that recently compared the security levels in iOS and Android platforms. Security-related app behaviors, such as location tracking and data sharing, were researched and analyzed.


Second Major iOS Security Flaw Found, No Update Yet

Feb 25, 2014 By Sarah Vonnegut | Apple is having quite a rough week. While the security world is still reeling from this past week’s vulnerability discovery and fix, researchers have identified yet another security flaw in Apple’s iOS that attackers could exploit to remotely monitor a user.
With this newly discovered vulnerability, hackers are able to log a user’s keystrokes, including touch inputs and button uses, using a ‘host’ app. The exploit targets a flaw in iOS’s multitasking capabilities to capture user inputs and send them to a remote server. The attacker could then use the data to recreate every action and character the user inputs.


Mobile Friday: Flappy Bird Still Maliciously Flapping

Feb 14, 2014 By Sharon Solomon | The simplistic and straightforward Flappy Bird defied all odds and became one of the most popular games of early 2014. The sudden discontinuation of the app has disappointed millions of fans. But where there is disappointment, there is cybercrime potential. The single-player game conquered mobile gamers’ hearts with its simple “Super Mario” type of gameplay, which has always proved to be compelling. Despite earning over $50,000 a day in in-game advertising revenue, the game was discontinued.


Starbucks iOS App Vulnerability Exposed

Jan 22, 2014 By Sharon Solomon | App security has become a sensitive topic as more and more private information is being shared by users. Even minor vulnerabilities can be exploited and used to harvest sensitive data for criminal or commercial purposes. The latest high-profile loophole was exposed in the Starbucks iOS app. The vulnerability was found by Daniel E. Wood, a security expert who researches and shares information on the net. His blog post explained the problem with the Starbucks iOS app, which saved user data elements in an insecure way. Thousands of Starbucks customers who use the app to send eGifts or make payments were taken aback by the revelations. The global coffee giant didn’t waste any time and delivered a safer version of the app within days.

