Mobile apps are the new frontier. Every new terrain brings risks and, eventually, regulation. About 8% of Android apps are vulnerable to attacks as a result of weak SSL implementations, according to a new computer security study. SSL and TLS are cryptographic protocols used to secure online communications. According to Information Week Security, “Security researchers in Germany analyzed 13,500 free Android apps from Google Play and found that 1,074–about 8%–contain SSL/TLS code that could potentially make them vulnerable to what’s known as a Man-in-the-Middle (MITM) attack.”
Although the problem is not new, attackers are increasingly using a simple method for finding flaws in websites and applications: They Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. In Information Week Security’s report, “Using Google To Find Vulnerabilities In Your IT Environment,” we outline methods for using search engines such as Google and Bing to identify vulnerabilities in your applications, systems and services–and to fix them before they can be exploited.
Violators will face fines of up to $2,500 for every non-compliant app that gets downloaded. Businesses that received the state’s privacy-warning letters this week included the airlines Delta and United Continental, as well as OpenTable, reported Bloomberg.
“Smartphones are in my opinion the greatest threat to loss of intellectual property and concern about privacy,” said Darren Hayes, an assistant professor and expert in computer forensics at Pace University. “There are mobile apps that are masked as legitimate games which compromise other data on your phone. More aggressive privacy laws may mitigate some of the risk.”
A lot of apps would have to be updated to include the privacy notice. I hope 30 days is sufficient to make the necessary changes for affected applications.
Mobile security experts and vendors said the crackdown was good for the industry, because it would boost California consumers’ confidence. California is one of the most aggressive states in the nation on privacy protection.
This could be the catalyst necessary to make other states demand greater privacy protection. The difficulty always lies in balancing the protection of privacy against limiting speech. This is only the beginning.