Wednesday, 16 September 2015

Research: Security of Popular Travel Apps Seriously Flawed

The security of the most popular travel apps for both Android and iOS is seriously flawed, according to research from Bluebox. Travel apps have changed a lot over the years and now offer a variety of options, such as booking flights and hotels. Now that these apps are gaining advanced options, this brings new security risks and increases the attack surface.

For the study, Bluebox looked at the ten most popular travel apps for both Android and iOS. Only one of the ten Android apps was found to encrypt 'data at rest' on the device, while none of the iOS apps did. It also turned out that two of the ten Android apps and one of the ten iOS apps use certificate pinning. Certificate pinning ensures that an app checks the certificate of the server, so that it communicates with the appropriate server. This is to prevent man-in-the-middle attacks.

According to the researchers, it is a best practice to integrate certificate pinning in the app, but it appears that the developers of travel apps rarely do this. Even in the three apps that do apply the technique, it appears to be used for only a portion of the network connections, so that the rest of the connections are unprotected. The research also shows that most travel apps are built with code from other developers and were not developed 'in-house'. This increases the attack surface.

The researchers conclude that the security of mobile apps is still in its infancy and that travel apps, in particular, need to tighten up their security. Consumers who use these apps are advised to download apps only from Google Play or the Apple App Store, use the latest version of the operating system and the application, be careful about using public Wi-Fi networks, and disable untrusted certificate authorities.
