In part1 of this blog I provided an overview of the Meltdown and Spectre and in this blog I look at the potential impact for mobile security.
There is much to discuss in the wake of the security news flow last week. It was dominated by the Meltdown and Spectre CPU bug announcements — 2018 has certainly got off to an interesting start. In part one of this two part blog I will look at these bugs from a high level. In part two I shine the spotlight on the implications for mobile security, and for Android in particular.
Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account. You’d think that would be straightforward enough, right?
Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real world data set that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code.
Category: Mobile App AuthenticationRead More
(Image by Nam-ho Park)
There is a revolution underway in healthcare in the USA. At its heart is MU3, Meaningful Use Stage 3 of the Electronic Health Record incentive program. One of the goals of this program is to empower patients and give them greater access to their medical records. Healthcare providers will have a legal responsibility to allow patients to access their data and they also have a responsibility to ensure the security of the data they provide. They have to walk a fine line between ease of access and security, and they have to do it by 2018.
In the world of banking, security has always been important and the recent breach at Tesco Bank is a timely reminder. With an increased appetite for regulation in the banking sector and in the realms of data protection it is becoming ever more important for responsible companies to take action to tighten up their defences against the constant threat of data theft and fraud. Regulation is becoming a powerful lever to encourage banks to have robust mechanisms in place to protect their customers. The EU's General Data Protection Regulation (GDPR) raises the possibility of heavy fines if you fail to take steps.
The number of devices connected to the internet has exploded in recent years as everyone becomes permanently attached to their phone or tablet. As the number of mobile users has increased, there has been movement away from websites towards mobile apps. Large companies can gain more information about users when they use their app, and can also provide a more fully featured experience by offering offline functionality or by making use of the phone’s camera, accelerometer or GPS. Users tend to prefer them as well because they offer a richer experience.