Improper Usage of SSL Common Among Mobile Apps

Posted by Stefanie Kober Thu, 12 Mar 2015 13:27:00 GMT


Mobile apps have become engrained in society. For most people, using them daily has become second nature. You may even use them excessively, trusting big names like Facebook and Twitter and never second-guessing the security of your personal information. Sometimes these apps entice us with entertainment value and we lose sight of security. You can take additional safety precautions such as accessing the content of these apps on a secure VPN and using up-to-date software, but what happens when the apps themselves are vulnerable to attacks? What happens when apps don’t implement SSL connections properly?

Unfortunately, this is more common than you may think.

In January 2015, Intel Security’s McAfee Labs tested the 25 most popular apps and found that 18 were riddled with SSL security problems. Hackers aware of this vulnerability were hidden behind the apparent security of SSL. App developers were not fully aware of the flaws in their SSL implementation; developers seldom doubt the safety of their code as long as it fulfills its function and is encrypted.

Raj Samani, Vice President and CTO of Intel Security, states, "You could argue this didn't occur here because [developers] used SSL, which is good. They just didn't implement it correctly, which is unfortunate given the developer resources for Android app development from Google."

When market success is the primary goal of neophyte app developers, security is often an afterthought. With the prevalence of cyber attacks on mobile applications, developers should instead place security at the forefront of their development plans. After all, one data breach or cyber attack on a mobile app has the power to permanently damage its reputation in the marketplace.

Because improper SSL implementation is so common, HOB offers developers the HOB eSecure SDK (Software Development Kit). It supports you in developing highly secure apps and provides you with the unique HOB WebSecureProxy. The HOB eSecure SDK contains two main components: a Software Development Kit for the integration of SSL routines on the client side, and authentication routines for the desired authentication on the server side using the HOB WebSecureProxy, the server component of HOB RD VPN. Central components of HOB WebSecureProxy are certified in accordance with the Common Criteria EAL4+ by the German Federal Office for Information Security.

More information is available on the HOB website.
