Richard Taylor

COVID-19 App User Anonymity Mandates App Authentication

Sat 04 April 2020 By Richard Taylor

Category: Business, Threats, API, API Abuse, API Security

With smartphone usage now a global phenomenon, mobile apps and connectivity are common denominators binding people the world over. And as the world’s nations grapple with the common dilemma of how to manage the ongoing pandemic of coronavirus or COVID-19, it’s little wonder that governments and health authorities across the planet are turning to mobile app technology as a weapon in their crisis management arsenal.

Read More

Let's Fight COVID-19 With Apps - Privately

Fri 03 April 2020 By Richard Taylor

Category: News, Threats, API, Mobile App Development, API Security

Photo by CDC on Unsplash

In recent weeks we have been following the race to build contact tracing smartphone apps in the worldwide fight against COVID-19. Such apps are a powerful weapon in controlling the growth of infection by automating the scaling of the contact tracing process. By tracking interactions between people, the apps allow instant user notification if they have recently been in close proximity with anyone later diagnosed with COVID-19. This allows immediate social distancing or self isolation measures to be instituted for that potential infected user, slowing the spread of the virus. It would have been better if these apps were widely available during the initial phase of the pandemic, but they may still have a crucial role to play as we eventually emerge from full lockdown We have some specific suggestions about how this can be achieved while maintaining citizen anonymity.

Read More

THE SPECTRE OF THE ZYGOTE

Wed 10 January 2018 By Richard Taylor

Category: Threats

In part1 of this blog I provided an overview of the Meltdown and Spectre and in this blog I look at the potential impact for mobile security.

Read More

YOU JUST NEED TO SPECULATE TO EXFILTRATE

Tue 09 January 2018 By Richard Taylor

Category: Threats

There is much to discuss in the wake of the security news flow last week. It was dominated by the Meltdown and Spectre CPU bug announcements — 2018 has certainly got off to an interesting start. In part one of this two part blog I will look at these bugs from a high level. In part two I shine the spotlight on the implications for mobile security, and for Android in particular.

Read More

ARE YOU HUMAN, ROBOT OR JUST IMPATIENT?

Tue 28 November 2017 By Richard Taylor

Category: Integration, Business

Recently I was doing some API analysis on a video sharing app aimed at the teenage market. As is typical in these types of apps, before you can do anything you need to sign up with an account. You’d think that would be straightforward enough, right?

Read More

SWIPE LEFT TO SCRAPE

Tue 02 May 2017 By Richard Taylor

Category: Scrapers, Bots, Threats

Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real world data set that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code.

Read More

HOW TO RIDE THE BUS FOR FREE (HACKERS NEED NOT APPLY)

Mon 01 May 2017 By Richard Taylor

Category: Mobile App Authentication

(Image by Cory Doctorow licensed under CC BY 2.0)

Read More

RICHER CLIENT, POORER SECURITY?

Wed 19 April 2017 By Richard Taylor

Category: News, Mobile App Authentication, Threats

(Image courtesy of Steve F)

Read More

GRAND THEFT AUTO IRL: TESLA AND NISSANS INSECURE AUTOMOTIVE APPS

Wed 12 April 2017 By Richard Taylor

Category: Mobile App Authentication, Threats

(Image by Nam-ho Park)

Read More

DIGITAL HEALTHCARE: MU3 AND API SECURITY

Fri 10 March 2017 By Richard Taylor

Category: Integration

There is a revolution underway in healthcare in the USA. At its heart is MU3, Meaningful Use Stage 3 of the Electronic Health Record incentive program. One of the goals of this program is to empower patients and give them greater access to their medical records. Healthcare providers will have a legal responsibility to allow patients to access their data and they also have a responsibility to ensure the security of the data they provide. They have to walk a fine line between ease of access and security, and they have to do it by 2018.

Read More

Page 2 of 3