Mobile Applications & Security Vulnerabilities

There are over 2 billion smartphone users in the world today. The enormous rise in the use of smartphones globally has also led to a surge in the usage of mobile applications. There are over 2.2 million Android based applications in Google PlayStore and over 2 million iOS applications in Apple’s AppStore.
Applications, in general, are becoming a dominant form of digital interaction, and they are no longer limited to smartphones. Applications are developed and used for wearable devices and for devices connected in the Internet of Things, smart cities, smart homes, etc. These devices communicate with each other via applications, which makes application security all the more important. Applications therefore need to be free of security vulnerabilities, but that is not the case: applications do have security vulnerabilities.

Some of the common security vulnerabilities in mobile applications are explained below.

Weak Server-side Components:

Mobile applications communicate with servers using APIs. API requests need to be properly verified and authenticated before they are allowed access to back-end services. The absence of proper verification and authentication leads to security vulnerabilities.

Weak server-side security vulnerabilities include cross-site scripting (XSS) and cross-site request forgery (CSRF), weak authentication systems, injection attacks, etc.

Data Leakage and bad storage practices:

Mobile applications collect a lot of data. Some of it is required for the application to function, but applications also collect unnecessary data, which is a cause for concern. It is critical that data collection by apps doesn’t compromise a user’s privacy. An unsecured app could leak the user’s private data. Various studies have shown how mobile apps collect users’ personal information and then leak that data to agencies or third parties.

Here are some common ways mobile applications expose user data:

  • Using a misconfigured or insecure ad and/or analytics framework. A framework which is not properly configured, or which doesn’t have proper security measures, is a potential vulnerability through which a user’s personal and sensitive information can be collected and exposed.
  • Unencrypted data transmission between the app and the back-end server.
  • Unnecessary logging by the application, which becomes a point where data can be exposed to unauthorized third parties.
  • Storing data on external storage. Android applications have this option, and it is a point of vulnerability because the application cannot trust that the files have not been modified.
  • Syncing data to a cloud platform which is not secure, which increases the risk of exposing the data to unauthorized access.
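The external-storage item above says an app cannot trust that such files are unmodified; one way to detect modification is shown here as an added example, not code from the original article. It is a language-neutral Python sketch: `shared_dir` stands in for external storage, the function names are hypothetical, and the key is assumed to be kept in app-private storage (on Android, the platform keystore).

```python
import hashlib
import hmac
import os
import shutil
import tempfile
from pathlib import Path


def make_tag(key, name, content):
    """HMAC-SHA256 over file name and content, so a tag is valid for one file only."""
    return hmac.new(key, name.encode("utf-8") + b"\0" + content, hashlib.sha256).digest()


def write_shared(shared_dir, key, name, content):
    """Write the file and a sidecar tag to shared storage; the key never leaves the app."""
    (shared_dir / name).write_bytes(content)
    (shared_dir / (name + ".tag")).write_bytes(make_tag(key, name, content))


def read_shared(shared_dir, key, name):
    """Return the content only if it still matches its tag; raise ValueError otherwise."""
    tag_path = shared_dir / (name + ".tag")
    if not tag_path.is_file():
        raise ValueError("no integrity tag found for " + name)
    content = (shared_dir / name).read_bytes()
    if not hmac.compare_digest(tag_path.read_bytes(), make_tag(key, name, content)):
        raise ValueError("integrity check failed for " + name)
    return content


def _rejected(shared_dir, key, name):
    try:
        read_shared(shared_dir, key, name)
    except ValueError:
        return True
    return False


def demo():
    """Constructed sample files; returns (clean_read, edit_rejected, swap_rejected)."""
    key = os.urandom(32)  # assumption: stored privately, never on shared storage
    with tempfile.TemporaryDirectory() as tmp:
        shared_dir = Path(tmp)
        write_shared(shared_dir, key, "settings.json", b'{"sync": true}')
        write_shared(shared_dir, key, "other.json", b'{"sync": false}')
        clean_read = read_shared(shared_dir, key, "settings.json")

        # Case 1: the file is edited on shared storage after it was written.
        (shared_dir / "settings.json").write_bytes(b'{"sync": true, "server": "x"}')
        edit_rejected = _rejected(shared_dir, key, "settings.json")

        # Case 2: another validly tagged file and its tag are copied over it.
        shutil.copy(shared_dir / "other.json", shared_dir / "settings.json")
        shutil.copy(shared_dir / "other.json.tag", shared_dir / "settings.json.tag")
        swap_rejected = _rejected(shared_dir, key, "settings.json")
    return clean_read, edit_rejected, swap_rejected
```

An older copy of the same file together with its old tag still verifies, so where rollback matters a version counter kept in private storage has to be included in the tag.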

Weak Encryption & Security Protocols:

Mobile applications become prone to external attacks in the absence of strong encryption algorithms and security protocols. Attackers use information stored in cookies and environment variables to bypass security and access the data on the mobile device. Mobile applications need to be built with the latest strong encryption algorithms that meet modern security requirements.

Below are some facts as per HPE 2016 Cyber Security Report:

  • 52.1% of applications accessed geolocation data
  • 70% of education applications on iOS accessed geolocation data
  • 11.5% of applications accessed contacts
  • 40.9% of social networking applications accessed contacts
  • 19.8% of finance applications accessed contacts
  • 16.3% of applications accessed calendar data
  • 41.9% of iOS game applications accessed calendar data
  • 52% of iOS weather applications accessed calendar data
  • 61.7% of applications used ad or analytics frameworks to expose data
  • 64.8% of health applications used ad or analytics libraries to expose data
  • 53.2% of medical applications used ad or analytics libraries to expose data
  • 43.8% of finance applications used ad or analytics libraries to expose data
  • 94.8% of applications include logging methods
  • 70.6% of applications can access external storage

(Link to the detailed report:

-Captain Krypto 🙂

Kryptotel is an IT Security Services and Product Development Company specializing in Cyber Security and Secure Communications. Kryptotel develops secure communication applications with strong encryption and security features. Feel free to consult Kryptotel for your cyber-security challenges.

Wearable Technology & Security Concerns

The use of wearable technology has been on the rise in the last few years, and so have the security concerns that come along with it.

What is Wearable Technology?

The terms ‘wearable technology’, ‘wearable devices’, ‘wearable gadgets’, or simply ‘wearables’ refer to the class of electronic devices that can be worn on the body. Wearables are created by integrating technology or computers into clothing and accessories which can easily be worn on the body.

Wearable technology is most often advocated as one of the greatest applications of the Internet of Things, considering that wearables have the potential to completely transform the way we live, today and in the future.

Although these wearable gadgets can perform the same computing tasks as mobile devices and laptop computers, they are primarily designed to track health and fitness related information. Sophisticated modern wearable tracking devices are made up of smart sensors and scanning features which track physiological functions of the body, helping consumers achieve their health and fitness goals.

Examples of Wearable Gadgets?

Below are some of the wearable gadgets available in the market that are most commonly used.

Fitness Trackers: Fitness trackers help in monitoring exercise and physical activity by tracking biofeedback from the body. They are based on sensors, are worn around the wrist, and connect wirelessly to the smartphone via Bluetooth, displaying health and fitness related information in the smartphone application.
Smart-watches: Modern smart-watches are not designed just to display the time; they are a door to your digital world. Smart-watches are worn around the wrist, are connected to your smartphone, and generally display notifications for phone calls, messages, emails and social media.

Some other types of wearables are sports watches, smart jewellery, implantables, etc.

What are the security concerns of Wearable Technology?

There is no doubt that the use of wearable technology is on the rise and that wearable devices have grown in popularity. But along with that growth, there has been an increase in concern over the security of such devices.

While wearables such as fitness trackers, smart-watches, sports watches and smart clothing provide great benefits to consumers, consumers also need to be cautious about the possible security concerns of wearable devices. Most of these wearable gadgets are Bluetooth enabled and connect to the Internet, so they are vulnerable in the absence of proper security measures like encryption and authentication.

Wearable devices such as fitness trackers monitor and track the activities and health related information of consumers around the clock, so a huge amount of private and sensitive data is collected and stored by these devices.

This makes wearables an attractive target for hackers to get unauthorized access to this private information and monetize it.

In the absence of strong security measures, hackers could manage to get access to these health records and make money by selling them.

Some of the known security vulnerabilities in wearables are: SQL Injection, Phishing, Buffer Overflow Attacks, etc.
Consumers also need to be cautious about allowing manufacturers of such wearable devices permission to share their information with third-parties. Reputed and well-known brands usually implement appropriate security and privacy measures. Consumers should avoid low-cost and poorly designed wearable devices that may possibly create security threats.

-Captain Krypto 🙂

Blockchain Technology and Cyber Security

What is Blockchain?

Blockchain technology was first introduced in digital currencies or crypto-currencies (Bitcoins) in the year 2009.

Crypto-currencies, like bitcoin, are currencies that exist only in the digital world. They are not physical, tangible currencies that move from one hand to another. People make transactions in the digital world, and the transactions are verified through a consensus mechanism in a massive peer-to-peer network.

The crypto-currency bitcoin is based on blockchain technology. Transactions in bitcoin happen by changing ownership, which creates a record in the blockchain. The blockchain in the crypto-currency system is managed by distributed nodes, each holding a digital ledger of the entire blockchain. Blockchain is a decentralized, distributed database system secured using cryptographic technology. Because the blocks are distributed across the world, the data is not centralized, and the system uses cryptography to keep transactions secure, blockchain is one of the most talked-about and revolutionary concepts of the current age.

Blockchain technology is the backbone technology behind Bitcoin!

Blockchain technology goes far beyond crypto-currencies; it is going to revolutionize digital interactions in the coming years. Blockchain technology will revolutionize cyber security and has the potential to disrupt many industries.

Blockchain definition: A blockchain is a type of distributed ledger, comprised of unchangeable, digitally recorded data in packages called blocks. These blocks are stored in a linear chain, and each block in the chain contains data which is cryptographically hashed. Each block of hashed data draws upon the block just before it in the chain, ensuring that the data in the overall blockchain has not been tampered with and remains unchangeable.
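The definition above, worked through as an added example (not code from the original article): each block stores the hash of the block before it, so changing one record breaks verification at that block. The record strings, field names and function names are constructed for illustration, and the example goes one step further than the definition by showing why the last hash must also be checked against an independent copy, which is the role of the other nodes.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed value: the first block has no predecessor
SAMPLE_RECORDS = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"]  # constructed


def block_hash(index, prev_hash, data):
    """SHA-256 over a canonical encoding of the block's fields."""
    fields = {"index": index, "prev_hash": prev_hash, "data": data}
    encoded = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


def build_chain(records):
    """Create blocks in which each one stores the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for index, data in enumerate(records):
        digest = block_hash(index, prev, data)
        chain.append({"index": index, "prev_hash": prev, "data": data, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Return the position of the first block whose link or hash is wrong, else None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        recomputed = block_hash(block["index"], block["prev_hash"], block["data"])
        if block["index"] != position or block["prev_hash"] != prev or block["hash"] != recomputed:
            return position
        prev = block["hash"]
    return None


def matches_trusted_head(chain, trusted_head):
    """Compare the last block hash with one obtained independently (e.g. from peers)."""
    return bool(chain) and chain[-1]["hash"] == trusted_head


def edit_in_place(chain, index, new_data):
    """Copy of the chain with one block's data changed and nothing else updated."""
    edited = copy.deepcopy(chain)
    edited[index]["data"] = new_data
    return edited


def rewrite_from(chain, index, new_data):
    """Copy of the chain with one record changed and every hash recomputed."""
    records = [block["data"] for block in chain]
    records[index] = new_data
    return build_chain(records)


if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    trusted_head = chain[-1]["hash"]
    edited = edit_in_place(chain, 1, "bob pays carol 200")
    rewritten = rewrite_from(chain, 1, "bob pays carol 200")
    print(first_invalid_block(chain), first_invalid_block(edited))
    print(first_invalid_block(rewritten), matches_trusted_head(rewritten, trusted_head))
```

A fully recomputed copy is internally consistent, so a single holder of the ledger cannot tell it from the original; only the comparison with a head hash held elsewhere does.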

Cyber Security and Blockchain Technology

Cyber security has been a growing concern for individuals, business organizations and governments in recent times. As state-sponsored surveillance, hacking, security bugs, online fraud and malicious code have become increasingly common, the demand for a more robust and reliable security system has become critically important.

With the Internet of Things, smart houses and smart cities becoming a reality and our dependency on computer-driven systems increasing, strong and robust cyber security has become the need of the hour. According to a study by Gartner, the number of things connected to the Internet was 4.9 billion in 2015, and the number was forecast to reach 25 billion by the year 2020. Each of these things connected to the Internet is a vulnerability and a potential threat to the whole system. It therefore becomes critical to strengthen cyber security and make it more efficient.

Online breaches and security attacks on traditional banking systems have resulted in a lot of people losing their hard-earned money. In the past, a number of e-commerce systems have also been affected by cyber attacks. The personal information and private communication of a lot of users has been accessed without authorization, either by illegal hackers or through government surveillance. All these online breaches, hacks and cyber attacks were possible because a weak and inefficient cyber security system was in place, and also because the system or platform was centralized in nature and hence easier for the hacker to take control of.

This is where Blockchain comes in and provides a viable alternative. Blockchain technology alleviates a lot of cyber security concerns because of its decentralized and distributed system.

A way forward to secure these computer-driven systems is decentralization and distribution of data. Since blockchain based systems are distributed in nature, they could play a greater role in creating robust cyber security systems. In a typical blockchain system, data is kept on various systems and servers across the world, thus removing a central point of control. Blockchains could also be used in secure communication systems by distributing workloads and creating a consensus mechanism in the control systems. Acquiring the consensus of the entire network is impossible for a hacker to achieve, which saves the system from being taken over by unauthorized parties.

Cyber Security of the future is going to be revolutionized by Blockchain technology. Decentralization, distribution of data systems, and consensus mechanism in blockchain make it a very popular weapon for cyber security specialists.

Blockchain technology is still in its nascent stage but it surely is a technology with a potential to watch out for in the future!

– Captain Krypto 🙂

Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might also be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at:

What are different VPN Protocols?

VPN solutions are based on different VPN security protocols. Each of these VPN protocols offers different features and levels of security. Some of the commonly used VPN protocols are explained below:

  1. Internet Protocol Security or IPSec:

    Internet Protocol Security or IPSec is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by authenticating the session and encrypting each data packet during the connection.
    IPSec operates in two modes, Transport mode and Tunneling mode, to protect data transfer between two different networks. The transport mode encrypts the message in the data packet, and the tunneling mode encrypts the entire data packet. IPSec can also be used with other security protocols to enhance the security system.

  2. Layer 2 Tunneling Protocol (L2TP):

    L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection. L2TP creates a tunnel between two L2TP connection points, and the IPSec protocol encrypts the data and handles secure communication through the tunnel.

  3. Point-to-Point Tunneling Protocol (PPTP):

    PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet. It uses the Point-to-Point Protocol (PPP) to encrypt the data on the connection. PPTP is one of the most widely used VPN protocols and has been in use since the time of Windows 95. Apart from Windows, PPTP is also supported on Mac and Linux.

  4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):

    SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of the entire network. The SSL and TLS protocols are most commonly used by online shopping websites and service providers. Web browsers switch to SSL with ease and with almost no action required from the user, since web browsers come integrated with SSL and TLS. SSL connections have https at the beginning of the URL instead of http.

  5. OpenVPN:

    OpenVPN is an open source VPN that is useful for creating Point-to-Point and Site-to-Site connections. It uses a custom security protocol based on SSL and TLS protocol.

  6. Secure Shell (SSH):

    Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also ensures that the tunnel is encrypted. SSH connections are created by an SSH client, and data is transferred from a local port to the remote server through the encrypted tunnel.

– Captain Krypto 🙂

How to stay safe on a public WiFi Network using a VPN?

Public WiFi network hotspots, like the ones you would find in a coffee shop or in a hotel room, are not as safe and secure as one might believe.

Most public WiFi network hotspots are insecure and open since they lack WiFi security encryption. It is easiest to hack or snoop into your connection when you are connected through a public WiFi network.

Even if there is a username and password for the connection, you are still at risk because you are sharing the network with a number of other people. So, how do you stay safe on a public WiFi network? We will explain how you can secure your connection using a VPN when you are connected to a public WiFi network hotspot.

How do I secure my Internet connection on a public WiFi hotspot?

You can secure your Internet connection on a public WiFi network hotspot by using a Virtual Private Network or VPN service. A VPN service will ensure that all your Internet traffic and communication is encrypted and remains safe and insulated from snoopers and hackers. VPN services use many security/encryption protocols to create security layers to protect your data from prying eyes.

Using a VPN service is the best method one can think of to secure your connection on a public WiFi network. A VPN service creates an encrypted tunnel through which encrypted data transfer takes place, and all communication is routed through a VPN server. This leaves no chance for a hacker to gain illegal access to your data and connection. Even if they manage to access your data, it will be in an encrypted format and they will not be able to decipher it.

So, next time you are connected to a public WiFi network, all you need to do is use a VPN service on the device you want to use for Internet browsing. Most VPN services are available for computers, mobile and tablet devices. All you need to do is install a VPN client application on your device and activate it. Once your VPN connection is active and you are connected to a VPN server, all your Internet browsing traffic and communication will be transferred from your device to the VPN server through an encrypted tunnel (created by the VPN) based on strong security protocols.

VPN One Click is one of the popular VPN services available which is used by over 10 million users globally, and uses strong encryption protocols like IPSec, L2TP/IPSec, PPTP, OpenVPN for encryption. VPN One Click has been in the market since 2011 and has VPN servers located in 29 countries.

How to download VPN One Click?

VPN One Click is available for and compatible with almost all devices and platforms, and can be installed easily without any hassle. It’s just a one-click installation with VPN One Click.

VPN One Click is available to install from Apple App Store, Android PlayStore, Windows Store, Kindle, Mac App Store, etc. VPN One Click can also be installed directly from its website:

Please comment below if you have any concerns or want to add something to the topic.

Good luck and cheers. 🙂