Insecure data storage causing Mobile Security vulnerabilities

    Security researchers argue that insecure storage on mobile phones is creating vulnerabilities to be exploited by hackers for accessing sensitive info from both Android and iOS apps.

    The study carried out by a security company named Positive Technologies says that 76% of mobile applications open up data to be accessed by hackers leaking out insightful info like personal data, financial info, passwords-all due to the presence of unprotected data storage on the device.

    Leigh Anne Galloway, a lead Cybersecurity researcher from Positive Technologies said that users are in a misinterpretation that data-stealing risks only arise when their phone gets stolen on a physical note. But Galloway argues that the current cyber landscape has turned much sophisticated these days as 89% of vulnerabilities could be exploited by malware- totally cutting down the need for physical access.

    Insecure transmission of sensitive data happens to be other vulnerability which is being exploited by hackers as most of the data gets transferred with the use of HTTP Communication.

    The researchers also pointed out the fact that mobile application interactions done with their servers in an insecure way is also opening up new avenues for hackers to exploit which includes cross-site scripting flaws, poor authorization, and data leakage.

    Positive Technologies recommends a methodical approach while designing the apps by application developers to counter this menace and also encourages them to test the software starting from Day 1 of the software lifecycle.

    Note- Positive Technologies is a Russia based software development firm which specializes in Information Security providing services in the field of security analysis and compliance management. Founded in the year 2002, the company has bagged the fastest growing company recognition from IDC in 2012.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display