A flaw has been discovered in the Google maps app Waze, which allowed hackers to track a reporter for days. Paul Farrington, senior solution architect at Veracode, commented on this news below.
Paul Farrington, Senior Solution Architect, Veracode
“Typically, cyber-attackers target the theft of money, intellectual property or our personal identities, but this vulnerability leaves the door open a bit closer to home – potentially revealing our whereabouts at any given time.
“As we use our smartphones for an ever-growing number of activities, so too does the risk that attackers will gain access to sensitive personal or financial information we hold on these devices. Since most smartphones have the capability to track a user’s movements, vulnerabilities like the one reported in the Waze service call into question the personal safety of users.
“With the Waze security hole, it seems as though the company hasn’t adequately threat-modelled how devices can interact securely. Effectively the system was open to a ‘Man-In-The-Middle’ attack. This is an old approach to gaining access to information as it flows back and forth. The attack intercepts communication and allows the attacker to predict how both the user and the Waze system will respond. Apps are helping to fuel the digital economy, but all too often they are just not built with security in mind. What perhaps is not readily understood by software vendors is that the risks taken and the security corners that are cut will eventually lead to a cost. In this case it’s reputational damage.
“While by and large, computer cyber security has been drilled into the wider public’s consciousness, too frequently the threat of mobile devices is overlooked. And this threat is real. Last year Gartner suggested more than 75 per cent of mobile applications would fail basic security tests. It’s important that individuals and businesses gain greater awareness of the inherent risks found in most mobile applications. Not only to enable them to take better steps to secure their own devices, but also to drive greater accountability for security among the companies producing these applications.”