While this particular vulnerability does not put sensitive data at risk, it should serve as motivation for companies that do hold important personal information to assess their app security and stamp out any glaring or lingering weaknesses.
The test, a video of which can be viewed here, demonstrates how easily the Infosecurity app can be compromised using widely available hacking tools: in the test, the text of the ‘Messages’ section is changed to ‘Rabbits’.
While this test was done without malicious intentions, it should serve as a wake-up call for attendees at the conference and for app providers in general, who should all look towards shoring up their app security to keep sensitive data safe.
Tom Lysemose Hansen, founder and CTO of Promon, said: “Our test was devised as a simple way of showing how savvy hackers can make a rapid and significant impact on an app which does not employ the most advanced proactive security measures. In the case of the Infosecurity app, little sensitive user data is at risk, but if, for example, a bank had neglected to build adequate protection around its app, it would effectively be presenting an open goal to cybercriminals.”
To make sure important customer data is not compromised, Hansen believes that banks and other app providers should conduct in-depth assessments of their app’s security and take proactive steps to plug any holes, given the rapidly evolving threat landscape and an ever-growing community of skilled cybercriminals.
Hansen added: “The fact that an app built for a security conference contains security flaws is indicative of a need for the wider mobile app community to take a hard look at just how watertight their apps really are. Having customer data compromised through an insecure app could have catastrophic financial and reputational consequences for an organisation.”
He concluded: “Taking a reactive approach to data breaches and relying on blacklist security is tantamount to locking the stable door after the horse has bolted. Embracing whitelist security solutions – namely taking proactive steps to enhance app security from the inside out – is the most effective step to take here. The Infosecurity app’s vulnerabilities should be a wake-up call to all app developers: find any flaws as a matter of urgency, and eliminate them before they become the cause of a major problem.”