ID: IRCNE2013112018
Date: 2013-11-20
According to "techworld", HP says security testing it conducted on more than 2,000 Apple iOS mobile apps developed for commercial use by some 600 large companies in 50 countries showed that nine out of 10 had serious vulnerabilities.
Mike Armistead, HP vice president and general manager, said testing was done on apps from 22 iTunes App Store categories that are used for business-to-consumer or business-to-business purposes, such as banking or retailing. HP said 97% of these apps inappropriately accessed private information sources within a device, and 86% proved to be vulnerable to attacks such as SQL injection.
The Apple guidelines for developing iOS apps help developers but this doesn't go far enough in terms of security, says Armistead. Mobile apps are being used to extend the corporate website to mobile devices, but companies in the process "are opening up their attack surfaces," he says.
In its summary of the testing, HP said 86% of the apps tested lacked the means to protect themselves from common exploits, such as misuse of encrypted data, cross-site scripting and insecure transmission of data.
Three quarters "did not use proper encryption techniques when storing data on mobile devices, which leaves unencrypted data accessible to an attacker." A large number of the apps didn't implement SSL/HTTPS correctly. To discover weaknesses in apps, developers need to involve practices such as app scanning for security, penetration testing and a secure coding development life-cycle approach, HP advises.
- 3