[ad_1]
Three-quarters of mobile apps have vulnerabilities related to unsecured data storage, leaving Android and Apple iOS users open to cyber attacks that could allow hackers to steal information sensitive.
Unsecure data storage is just one of many vulnerabilities discovered by researchers at a security company after conducting security assessments of multiple mobile applications for iPhone and Google Android.
The results have been described in Vulnerabilities and threats in 2019 mobile apps report from Positive Technologies.
Unsecured data storage is by far the most common vulnerability identified in the tested applications. 76% of the people examined have demonstrated that it is a security risk, potentially putting the privacy and security of users in jeopardy.
Just over a third of applications (35%) have vulnerabilities related to unsafe transmission of sensitive data, while researchers have found that the same percentage has problems with improper implementation of the expiration. sessions.
Additional vulnerabilities detected in just under one in five applications include sensitive data stored in the source code of the application and insufficient protection against cyber attacks using brute force techniques.
The researchers rated the vulnerabilities listed above as medium risk, but 29 percent of the applications tested contained what was classified as high-risk, low-security, inter-process communication. This critical vulnerability potentially allows attackers to remotely access data processed in vulnerable mobile applications.
SEE: Mobile Device Security: Tips for IT Professionals (Free PDF)(TechRepublic)
Although this technique is generally prohibited for iOS applications, it is sometimes used – for example, social media applications sharing their functionality with other apps on the same device to help provide a faster browser experience .
In total, high-risk vulnerabilities were discovered in 38% of iOS mobile apps and 43% of Android apps, and 89% of all discovered vulnerabilities could be exploited with the help of malware. everything without any physical access to the device. put users at risk for hacking highly sensitive information.
"Developers pay special attention to software design to provide us with a smooth and convenient experience, and people willingly install mobile apps and provide personal information.
However, an alarming number of applications are extremely secure and developers are less attentive to solving this problem, "said Leigh-Anne Galloway, head of cybersecurity for resilience at Positive Technologies.
If application developers thought more about securing their products, it would go a long way toward securing mobile devices against attacks targeting application vulnerabilities – but users can also help protect themselves from hackers by be careful what they download.
"We recommend that users look closely at applications that require access to phone features or data, and if you are not sure whether an app needs access to do the job properly, refuse demand, "said Galloway.
"Users can also protect themselves by being vigilant so as not to open unknown links in chat and SMS applications, or download applications from third-party application stores." Prevention is better than cure ", she added.
READ MORE ABOUT CYBERSECURITY
Source link
