Encryption in the Spotlight due to Vulnerable Android Apps

Okta
October 29, 2012

Last week, Ars Technica’s Dan Goodin published a story detailing how downloaded Android applications have the potential to expose the sensitive personal data of more than 185 million users. Vulnerabilities due to inadequate or incorrect use of SSL/TLS protocol libraries expose everything from online banking and social networking credentials to e-mail and instant-messaging contents. A group of computer scientists identified 41 applications in Google's Play Market that could leak data from an Android phone connected to webservers for banks and other online services.

In addition to the research paper that sparked the article, there was another body of research out of Stanford University and the University of Texas, which exposed additional security issues with Android apps as well as a plethora of other popular web applications, services, electronic banking sites, and more. Again, the security issues stem from the incorrect or inadequate use of SSL/TLS libraries within the applications.

Dan’s story is timely considering I just discussed the importance of encryption in my final post of the “Defining the Enterprise Cloud Service” series. As I pointed out, encryption is critical to the enterprise cloud – and for that matter critical to even the consumer apps we use daily. Both of the research articles point out just how easy it is to implement communication encryption protocols incorrectly – with potentially dire consequences.

Just seeing the number of issues related to online banking services and web apps is a bit unsettling. On one hand, consumer banking is one of the most highly regulated and insured industries around – and yes if your personal account was exploited, the bank would be able to fix it via FDIC insurance. That being said, it’s an experience I don’t want to have to deal with in any way.

Strong encryption is critical for data at rest as well – be it in the cloud, and as I would like to think, on your phone as well. It’s easy to think about in relation to how a bank secures money in its safe. The better the encryption scheme, the better the safe. The better the encryption scheme in the cloud, the safer your data.

Android users should take note. But so should every enterprise cloud company. Enterprises must make sure that every cloud service that’s adopted in their environment is encrypted throughout. While the onus is still on the providers to provide incredibly secure applications, enterprises – just like consumers – need to know what mechanisms are necessary for high security and ask whether or not their vendors employ them.

Tags

breach cloud cloud security David Baker security
Previous
Next

April 17, 2024

What Is an Identity platform?

By Okta
An Identity platform is a centralized framework that manages the digital identities of humans and devices, enabling organizations to authorize secure user…

Read now

April 15, 2024

Jumpstart Identity with automation

By Frederico Hakamine
If you’ve ever found yourself thinking “Why does this process take so long? Don’t we have computers for that?” Well, you’re probably right. The strain you’re…

Read now

April 12, 2024

SMB Identity buyer's checklist

By Frederico Hakamine
TL;DR: Identity touches every point of your business. Here’s a checklist of what you should be asking yourself when shopping for an Identity solution.   …

Read now

April 9, 2024

More than SSO: Five SaaS features you need to win enterprise customers

By Mallory Sword Glenn
There comes a time in every SaaS company's journey when they’re ready to move upmarket and start landing enterprise logos. While your app might be a winner…

Read now

April 2, 2024

SMBs at Work 2024: Which apps are powering today’s growing companies?

By Monisha Formoso
For today’s tech leaders, the future of work isn’t just a hot topic; it’s an essential one. Understanding where work is heading lets us anticipate trends,…

Read now