Posts about

Bots

Mobile Auction Apps: Scalping And Sniping

May 6, 2020

The eBay concept first came to light as a browser based auction platform, giving sellers a chance to offer their goods to potential buyers from across the globe, before making the transition to become one of the world’s most popular mobile auction apps. Others have since emerged, with mobile auction apps giving event organisers the tools to simplify setup and management, and buyers the simplicity and speed of making bids and performing transactions with the swipe of a finger. Of course, every financial opportunity throws itself open to dishonest practices -- and mobile auction apps are no exception. Scalping and sniping are two of the major issues faced by mobile auction operators. Read Full Story

Protecting Personal Information & Sensitive Data In Mobile Health Apps

April 20, 2020

Recent years have seen a move towards cloud platforms and mobile health apps for citizens -- applications and data processing systems that enable ordinary people to interact with their health providers, make appointments with medical professionals, order prescriptions, and gain on-demand access to their medical records. The ongoing COVID-19 pandemic is putting greater emphasis on this trend, as citizens clamour for the latest news, advice, and best practices, while government and health organisations look to digital technologies to help them develop treatment protocols, track the progress of the virus spread, and monitor the condition of all those affected. Read Full Story

Top 5 Threats to APIs Servicing Mobile Apps

March 29, 2020

  As mobile apps become increasingly paramount to operating successfully in today’s markets, a big question mark over API security is raised. Gartner has previously predicted that by 2022, “API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” Since every mobile app out there is powered by APIs, securing them is clearly a top priority. Read Full Story

Blockchain renders online votes immutable, including fake votes!

March 19, 2020

“It's the wave of the future,” declared the US State of West Virginia's Secretary of State of following a limited deployment of a blockchain-based voting app for the state's general midterm elections. For cybersecurity and election integrity advocates, however, the move was “an example of all the things states shouldn’t do when it comes to securing their elections.” Read Full Story

The Top 6 Mobile API Protection Techniques - Are They Enough?

December 22, 2018

APIs are a necessary and central part of the strategy of any digital business that wants to stay competitive and monetize its assets. Additionally, end users’ form factor of choice when using digital services is now firmly mobile. The trend towards APIs and mobile devices has moved the attack surface in a significant way and digital businesses must adapt and evolve their security policies accordingly. Read Full Story

Approov in Parallel With User Authentication

January 22, 2018

In my last post in this series, I introduced Approov, the app authentication solution, and described how it tackles the problem of API protection in a novel and proactive way. In this post, I want to focus on the reasons API publishers need app authentication as part of their mobile security defense, and specifically why it should work alongside user authentication. In our discussions with new customers we often find that we need to explain the difference between the two as well as the contributions that each one provides. Read Full Story

If You Can't Make It, Fake It

November 22, 2017

As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases make them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence are often used to instigate attacks and the recent admission by Facebook that Kremlin linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers. Read Full Story

Swipe Left to Scrape

May 2, 2017

Yesterday morning security forums reported news that an AI researcher had published a dataset of 40,000 photos that had been scraped from the dating app Tinder. The purpose was simply to extract a real world data set that can be used for training Convolutional Neural Networks (CNN) to tell the difference between men and women. This seems innocent enough, although the author's choice of variable naming caused a bit of a stir. He quickly changed the variable name "hoe" to "subject" soon after the story broke. Apparently this original naming was inherited from the Tinder Auto-Liker code. Read Full Story

The Problem of API Abuse

October 18, 2016

The number of devices connected to the internet has exploded in recent years as everyone becomes permanently attached to their phone or tablet. As the number of mobile users has increased, there has been movement away from websites towards mobile apps. Large companies can gain more information about users when they use their app, and can also provide a more fully featured experience by offering offline functionality or by making use of the phone’s camera, accelerometer or GPS. Users tend to prefer them as well because they offer a richer experience.  Read Full Story

Simple App Authentication

September 26, 2016

Suppose your mobile app relies on a back-end server that holds sensitive data or just data that you do not want to be manipulated or copied freely. You trust your own app to do everything right, but what about bots exploiting your API or if someone steals and subverts your app? Read Full Story