Of 10 travel apps reviewed, Bluebox Security found security is a ‘second-class factor’
WASHINGTON – A new report published by mobile security and application management firm Bluebox Security raises questions as to whether app companies are investing enough in security. In a report published Sept. 15, the researchers found the world’s 10 most-popular travel apps have glaring security flaws.
To learn more about the issue, RCR Wireless News sat down with Andrew Blaich, Bluebox’s lead security analyst.
“We did a little bit of research in the app ecosystem where we wanted to see what kind of security protection is in place in apps, or rather what protections are not in place,” Blaich said. “We selected the category of travel apps as a nice area to research primarily because now is the busy travel season, and these apps are used by both consumers and enterprises every day for multiple things like airline booking, payments for hotels, restaurants and ride sharing.”
Blaich laid out how Bluebox research uncovered a worrying pattern across all 10 apps.
“We noticed that overall security is a second-class factor when apps are being developed,” Blaich said. “We looked at a variety of different factors including third-party coders, data exposure and are they exposing or not protecting data they’re saving on the device like log in or credit card information. We also looked at network transactions seeing if someone could go in a sniff this data out of a network transaction as well.
“Overall, the apps don’t have any protection in place at this time,” he said, adding that the lack of focus on security in the app’s initial construction and subsequent disregard for maintaining security once the app is released has left potentially millions of people exposed to cyber criminals.
A recent Cisco Systems report found mobile cybercrime has increased greatly because of the proliferation of smartphones and the ease of developing apps. Third-party malware apps and standard apps with the security issues that Blaich’s team uncovered, can leave millions of people exposed to identity theft, ransomware and fraud.
Blaich’s advice for consumers: Don’t click on phishing e-mails or texts; avoid third-party downloads; and exercise common sense when browsing the app store you use. Blaich and Bluebox Security also are encouraging more app development companies to put security at the top of the list when developing new apps, not at the bottom.
