Tag : iOS Application Security

Mobile Friday: Google Waze Hacked By Technion Students

Mar 28, 2014 By Sharon Solomon | Waze has come a long way since its launch back in 2008. Winner of the Best Overall Mobile App award at the 2013 Mobile World Congress, the Israeli-based startup was sold to Google last year for a whopping $1.3 billion. Unfortunately, two students from the Technion have revealed a huge security issue in the popular app. The revolutionary Israeli navigation software made waves by integrating social networking into its user interface and enabling commercial collaborations with strategic businesses. Even Google couldn’t afford to stay indifferent to the app’s massive potential. Everything was looking bright until Shir Yadid and Meital Ben-Sinai, software engineering students at the Technion Institute of Technology in Israel, found a glaring loophole in the application. Waze are aware of the POC, but have not released any security patches so far.

Mobile Friday: WhatsApp Alternatives Not Really Safe

Mar 07, 2014 By Sharon Solomon | WhatsApp now belongs to Facebook and the acquisition has raised some serious concerns regarding the privacy of the app’s users. Facebook is not really commenting on the issue, causing more and more people to look at alternative solutions. Unfortunately, the alternatives are not really secure. Compatible with Android, iOS, Windows Mobile, BlackBerry and even the outdated Symbian, WhatsApp has over 450 million active users. It’s estimated that more than a million people download the app and start using the chat client every day.

Mobile Friday: iOS Apps Riskier Than Android Ones

Feb 28, 2014 By Sharon Solomon | The mobile app markets are booming. More and more developers are shifting their focus towards smartphone and tablet software. Despite the common belief that Apple has the safest mobile platform, in-depth research by Appthority has shown that iOS apps are more vulnerable than Android ones. Appthority is a leading application security analysis provider that recently compared the security levels in iOS and Android platforms. Security-related app behaviors, such as location tracking and data sharing, were researched and analyzed.

Second Major iOS Security Flaw Found, No Update Yet

Feb 25, 2014 By Sarah Vonnegut | Apple is having quite a rough week. While the security world is still reeling from this past week’s vulnerability discovery and fix, researchers have identified yet another security flaw in Apple’s iOS that attackers could exploit to remotely monitor a user.
With this newly discovered vulnerability, hackers are able to log a user’s keystrokes, including touch inputs and button uses, using a ‘host’ app. The exploit targets a flaw in iOS’s multitasking capabilities to capture user inputs and send them to a remote server. The attacker could then use the data to recreate every action and character the user inputs.

Crypto Flaws For All & The Week’s Other Security News

Feb 23, 2014 By Sarah Vonnegut | SSL encryption was the name of the security game this week, with major vulnerabilities – now fixed – facing both iOS and WhatsApp users. Neiman Marcus also released a new analysis of their recent breach – and apparently someone was NOT paying attention. Catch up on all of last week’s stories before RSA USA takes over your life!

Mobile Friday: Flappy Bird Still Maliciously Flapping

Feb 14, 2014 By Sharon Solomon | The simplistic and straightforward Flappy Bird defied all odds and became one of the most popular games of early 2014. The sudden discontinuation of the app has disappointed millions of fans. But where there is disappointment, there is cybercrime potential. The single-player game conquered mobile gamers’ hearts with its simple “Super Mario” type of gameplay, which has always proved to be compelling. Despite earning over $50,000 a day in in-game advertising revenue, the game was discontinued.

Starbucks iOS App Vulnerability Exposed

Jan 22, 2014 By Sharon Solomon | App security has become a sensitive topic as more and more private information is being shared by users. Even minor vulnerabilities can be exploited and used to harvest sensitive data for criminal or commercial purposes. The latest high-profile loophole was exposed in the Starbucks iOS app. The vulnerability was found by Daniel E. Wood, a security expert who researches and shares information on the net. His blog post explained the problem with the Starbucks iOS app, which saved user data elements in an insecure way. Thousands of Starbucks customers who use the app to send eGifts or make payments were taken aback by the revelations. The global coffee giant didn’t waste any time and delivered a safer version of the app within days.
