HP Research Reveals Nine out of 10 Mobile Applications Vulnerable to Attack
18/11/2013
NEW YORK - HP today released results from a research study revealing that mobile applications represent a real security threat, with vulnerabilities affecting nine out of 10 mobile applications published by a representative sample of companies on the Forbes Global 2000.
According to the study, 97 percent of the mobile applications tested accessed at least one private information source within a device, and 86 percent of those applications did not have adequate security measures in place to protect them from the most common exploits.
As computing becomes borderless, adversaries are increasingly bypassing perimeter security with ease and taking advantage of vulnerabilities brought on by the growing number of applications and entry points. According to Gartner, Inc., mobile app stores will see annual downloads reach 102 billion in 2013, up from 64 billion in 2012.(1) This spike in demand is pushing business managers to dramatically increase the speed at which they deploy mobile applications, and driving more of the development to third parties. This results in less oversight of security, and emphasizes the need for a mobile security strategy that enables businesses to go from "fast to market" to "secure and fast to market."
"While mobile devices are becoming more and more critical to conducting business, they are also becoming prime targets for attack, with vulnerable applications providing access to sensitive data," said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. "Mobile applications now are the first line of defense against the adversary and organizations must be equipped to assess, assure and protect these applications to prevent damage from exploits."
Sensitive corporate data and personal information are often housed side by side on insecure devices. This introduces unnecessary vulnerabilities that can be easily resolved if they are identified and addressed. The HP research study leveraged HP Fortify on Demand to scan more than 2,100 mobile applications from more than 600 companies, revealing alarming realities regarding the sheer number of applications vulnerable to attack.
The most common and easily addressable vulnerability sources reported include:
Privacy issues: Of 2,107 mobile applications scanned, 97 percent accessed private data sources including personal address books, social media pages and connectivity options like Bluetooth or Wi-Fi. Of those applications, 86 percent did not have adequate security measures in place to protect them from the most common exploits, such as misuse of unencrypted data, cross-site scripting and insecure transmission of data.
Lack of binary protections: 86 percent of applications tested lacked binary hardening, leaving applications vulnerable to information disclosure, buffer overflows and poor performance. To ensure security throughout the life cycle of the application, it is essential to build in the best security practices from conception.
Insecure data storage: 75 percent of applications did not use proper encryption techniques when storing data on mobile devices, which leaves unencrypted data accessible to an attacker. This data includes passwords, personal information, session tokens, documents, chat logs and photos. Unencrypted data that is seen and used by a malicious attacker can violate numerous corporate governance policies as well as compromise the reputation of the enterprise if sensitive trade secrets are leaked to competitors, the media or any other variety of recipients with negative consequences.
Transport security: 18 percent of applications tested sent user names and passwords over HTTP. Of the remaining 82 percent, 18 percent incorrectly implemented SSL/HTTPS. These unprotected credentials are typically used not only for the mobile applications but also by their web application counterparts. This further compounds the issue, since malicious attackers on the same network could then sniff that data.
Laying the groundwork for a basic mobile application security strategy allows organizations to identify vulnerabilities before they are exploited. Nearly all vulnerabilities can be found and remediated by simply running a security assessment test before releasing or procuring a mobile application. This can identify the most common vulnerabilities and assess whether data is being passed maliciously or stored insecurely. HP Fortify on Demand for Mobile enables organizations to assess vulnerabilities across mobile applications, assure security flaws are resolved before deployment, and protect applications from attacks once in production.
"Software development is not a perfect science - but it was imperative that we had a robust security assurance process in place to protect our credit union members," said Atul Varde, SVP and CIO, Affinity Credit Union. "With emerging technologies such as mobile applications, where things are changing at a very rapid pace, the sort of independent experience and oversight that HP Fortify on Demand provides makes the whole process more secure."
Methodology
Conducted by HP Security Research (HPSR), the mobile application security study tested the security posture of 2,107 applications published by 601 companies on the Forbes Global 2000. The companies represented 50 countries across 76 industries. Applications were selected from 22 categories such as productivity and social networking, and were tested using the HP Fortify on Demand automated binary and dynamic analysis engine. Application testing was conducted during October and November 2013.
Additional information about mobile application security and further details resulting from the study are available at www.hp.com/go/fortifymobile.
(1) Gartner Press Release; Gartner Says Mobile App Stores Will See Annual Download