HP: 90% of Apple iOS
mobile apps show security vulnerabilities
By Ellen Messmer,
Nov. 18, 2012
HP has conducted
extensive testing on more than 2,000 Apple iOS mobile apps. HP found
that 90% of these apps had serious security flaws. HP found that 97%
of the apps inappropriately accessed private information. HP found
that 86% of the apps lack means to protect themselves for common
attacks such as SQL injection or Cross Site Scripting. Three fourths
did not use encryption properly, leaving data unencrypted on the
device. Others did not implement SSL/HTTPS correctly. HP attributed
the poor security problems to the rush of business to get apps out
quickly. HP stated that Apple does provide security guidelines to
developers but that the guidelines did not go far enough. Company are
extending the web presence to mobile devices but are also expanding
their attack surface. The HP report said, “It is our earnest belief
that the pace and cost of development in the mobile space has
hampered security efforts, mobile application security is still in
its infancy.”
No comments:
Post a Comment