Nearly half of mobile apps have improper encryption


by CBR Staff Writer | 05 February 2014

Openly exposed vulnerabilities dropped by 6% last year.

Around 46% of mobile applications have been found to be using improper encryption, a new HP study revealed.

According to the latest Cyber Risk Report 2013, mobile app developers often neglect to use encryption when storing confidential information on mobile devices, rely on vulnerable algorithms to do so, or misuse stronger encryption capabilities, leaving them less effective.

HP Enterprise Security Products chief technology officer Jacob West said adversaries today are more adept than ever and are collaborating more effectively to take advantage of vulnerabilities across an ever-expanding attack surface.

"The industry must band together to proactively share security intelligence and tactics in order to disrupt malicious activities driven by the growing underground marketplace," West said.

The report added that the overall number of openly exposed vulnerabilities dropped by 6%, with high-severity vulnerabilities dropping by 9% during 2013.

HP research also found that about 80% of applications contained vulnerabilities embedded outside their source code.

Among browsers, Internet Explorer was the most highly targeted in the HP Zero Day Initiative (ZDI), accounting for over half of the vulnerabilities acquired by the programme.

The report also added that sandbox bypass vulnerabilities, which are mainly caused by insecure reflection, would turn out to be the most prolific issue in the Java framework.
