Mobile Malware: Is it a Serious Threat to Mobile Apps Security?

Are we learning anything from our past experiences of serious mobile malware attacks that compromised user data, credentials and privacy? We are certainly aware of the fact that Mobile Malware is becoming viral day after day. There are a number of instances where mobile malware has already compromised huge amounts of customer data, their credentials …


XML Injection In Android Apps – OWASP Top 10

XML stands for Extensible Markup Language and it was basically designed to describe data. XML is commonly used as a data format on the Internet. If you want to access data from the Internet, chances are that the data will be in the form of XML. If you want to send data to a Web …


What you should know about iOS malware XcodeGhost

Apple’s iOS App Store suffered its first major attack in the form of large-scale distribution of a malware called XcodeGhost, making its way through tampered copies of Xcode, Apple’s development software. More than 300 apps in the App Store have been infected, with their copies distributed worldwide among millions of users. Apple is cleaning up its …


The Aftermath of Stagefright in Android

Stagefright seems to be the operative phrase in security today. Discovered by Joshua J. Drake, VP of platform research and exploitation at Zimperium zLabs, it potentially impacts 95% of Android devices globally. Zimperium publicly disclosed the finding at the BlackHat Conference 2015, after disclosing the bug to Google early in April this year. The Stagefright …


[Case] Appvigil Saves Haptik From Becoming ‘The Next Hacked App!’

A severe security vulnerability was recently discovered by Appvigil in Haptik App, India’s WhatsApp for mobile customer support. Had the security flaw been exploited by hackers, it would have exposed sensitive user information such as user credentials, agent details and conversations of about 1 lakh users to the wrong hands. Appvigil found this flaw and reported it to the …


[Slide] Gaana Hacked: Understanding the SQL Injection Exploit

Gaana.com is a commercial music streaming service providing free and licensed music. Gaana.com was recently hacked by a Pakistani hacker by the name of MakMan. Accounts of over 10 million users of the Gaana service were hacked into and information was made available to the public until Satyan Gajwani, the CEO of Gaana.com, requested the hacker …


[Infographic] Five Common Techniques Using Which Apps Are Attacked

The Android platform is open source, and the very nature that gives developers all over the world a chance to create creative and innovative apps also makes it easily vulnerable to security attacks by hackers. The recent attacks on Slack, TrueCaller, Snapchat, Starbucks and other mobile apps are evidence enough to show why we need to …


Mobile App Security: Why You Should Care?

With the increase in dependence on smartphones, their security is becoming a major concern for users, application developers and CIOs/CISOs alike. In addition to these concerns, encouragement of the trend called BYOD is calling enterprises to act fast on mobile app security, as close to 84% of consumers use the same smartphone for work …


How vulnerabilities in Starbucks’ mobile app led to fraud?

Vulnerabilities in Starbucks’ mobile app paved the way for a new kind of fraud, putting users on the back foot about using mobile payments. How did it happen? The increase in technology is not only improving the performance of a user but …


Unintended Data Leakage through Mobile Apps – OWASP Top 10

Unintended data leakage very commonly occurs when a mobile app developer keeps sensitive data accessible to other apps on the device. Generally, when an app processes sensitive data as input from the device user, it ends up placing that data in an insecure location on the device. This location is obviously accessible …
