Tag : iPhone

Secure iOS App Development

40 Tips You Must Know About Secure iOS App Development

Nov 10, 2015 By Sharon Solomon | The iPhone is arguably the most desired smartphone on the planet today, thanks to its shiny metallic hardware and user-friendly iOS 9 mobile platform. Despite Google leading the numbers-game with its open-source Android mobile platform, iOS is often considered to be the safer of the two due to Apple’s stricter security policy and its willingness to sacrifice customizability for the cause. But even this platform has its fair share of vulnerabilities and potential security loopholes that need to be addressed by the developers.

</Read More>
phone with key on white background. Isolated 3D image

Mobile Security In Limbo With Coding Vulnerabilities Galore

Jun 24, 2015 By Sharon Solomon | It’s no secret is that the smartphone is the modern man’s best friend. Over 7 billion mobile devices are being used today all around the world and they are multiplying 5 times faster than human beings. With the astronomical amounts of private information being transferred worldwide, the need for strong mobile security has become paramount. Unfortunately, the news about new vulnerabilities and high-profile breaches are raining down on us.

</Read More>
Image

Pakistani Ethical Hacker Reveals How He Exposed Android Vulnerabilities

Oct 21, 2014 By Sharon Solomon | Hackers are often viewed as modern-day pirates. While mostly true due to the security hazards they create, ethical hackers actually are very helpful in actually improving security standards. Most of these security experts perform these actions simply for the benefit of the community. Rafay Baloch is one such ethical hacker.   Baloch, also known as Pakistan’s “Top Ethical Hacking Prodigy”, has been in the headlines recently for exposing two vulnerabilities in Android’s stock (AOSP) browser. These security loopholes allow hackers to steal the mobile user’s session cookie, enabling them to perform a wide variety of malicious actions including identity theft.   The Pakistani AppSec expert, currently an undergraduate student who spends his free time honing his research skills, was also kind enough to take Checkmarx’s questions and provide an in-depth view into how he revealed the aforementioned vulnerabilities in the world’s most popular mobile OS.  

</Read More>
Viber

Mobile Sunday: Viber Encryption Troubles Putting Millions at Risk

May 04, 2014 By Sharon Solomon | The Viber instant messaging app has become a household name, with over 200 million downloads worldwide. This cross-platform software is also compatible with desktops and provides unique functionality. But researchers at the University of New Haven have now exposed the lack of data encryption in the popular mobile app, a serious security problem. This is the second IM vulnerability exposed by the UNH experts this month, with the previous one being found in the WhatsApp messenger. The Facebook-owned service was found to give away user location in an unencrypted and open form. Viber is now feeling the heat. Hackers can easily perform man-in-the-middle attacks to harvest sensitive user data. Its even possible to retrieve messages including photos, videos and location-related data from the Viber servers.

</Read More>
iStock_000016812416Small

Mobile Sunday: GoogolPlex Hack Takes Siri To Risky Levels

Apr 27, 2014 By Sharon Solomon | Imagine unlocking your car by simply talking to your iPhone. Or would you rather chat with your washing machine or dish-washer while at work? All these actions can soon become possible thanks to an innovative Siri hack called GoogolPlex, which was developed and implemented by a group of American youngsters. GoogolPlex was recently demonstrated by a group of freshmen from the University of Pennsylvania – Ajay Patel, Alex Sands, Ben Hsu and Gagan Gupta. They managed to manipulate the Siri feature, which is preinstalled in all Apple devices running the latest iOS 7 software. While very convenient and functional, this unofficial hack can potentially enable cybercriminals to infiltrate people’s homes and cars to achieve harmful results. Apple has refused to comment on the revelations and no security patch has been released so far.

</Read More>
HiRes1

Mind Your Fingers. Samsung Galaxy S5 Fingerprint Scanner Exploited

Apr 22, 2014 By Sharon Solomon | Fingerprint scanners are becoming the rage in the smartphone industry. Apple introduced its proprietary sensor in its flagship 5s device last year and Samsung has done it recently with its new Galaxy S5 model. But its not all good news. The Korean manufacturer’s latest security solution can be rendered useless with a simple home-made PCB mould.  

</Read More>
Heartbleed-4-300x300

Top 5 in Security: Your Weekly Update

Apr 11, 2014 By Sarah Vonnegut | The security industry took a massive hit this week with the Heartbleed bug, and while it took most of the focus, there’s some notable news that you may have missed. Here are your top 5 security stories of the week:

</Read More>
iStock_000016829158Small

Mobile Sunday: New iOS 7 Vulnerability Exposed

Apr 06, 2014 By Sharon Solomon | Smartphones have become “man’s best friend” over the last few years. There is almost no daily task that doesn’t involve the usage of apps and instant messaging. Unfortunately, this also has raised the amount of mobile phone robberies and tampering. Hacking is evolving, but the “traditional” thefts and mishaps are still a big threat. Phone manufacturers are implementing tools such as lockscreens and passwords to deny unwanted access to phones. The iPhone 5s even has a unique fingerprint scanner which needs to be swiped in order to unlock the phone. Apple phones also have “Find my iPhone” software. This feature allows the user to remotely lock the phone if lost in a public place or after being robbed. Unfortunately, a serious vulnerability has been exposed in this welcome feature.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.