7 actionable tips to prevent breach from mobile devices

Posted by Roxane Suau on December 05, 2019

Mobile users are often unaware of how vulnerable their smartphone can be. A regular mobile usage involves manipulating numerous corporate and personal data, installing apps, granting permissions, connecting to various networks, etc. But while all these can seem innocuous, common tasks and habits such as delaying an update or side-downloading an app actually come with risks.

Read More

The network threats that endanger mobile devices privacy

Posted by Roxane Suau on November 28, 2019

Along the massive growth of enterprise mobility, cybercriminals looking for valuable data naturally shifted their interest toward mobile devices. Indeed, smartphones and tablets have inherent capabilities that, when exploited illegally, can provide a direct access to all the data they manipulate. Mobile threats can operate at three different layers of a device: 78% of them use mobile applications, 10% exploit the OS and 12% leverage the network. 

From phishing attempts to the more sophisticated Man-In-The-Middle, this article presents the most common network attacks used to exfiltrate data from mobile devices in the corporate environment.

 

Read More

How to vet mobile apps before issuing them to collaborators

Posted by Roxane Suau on November 19, 2019

Cybersecurity experts are unanimous, mobile apps are hackers’ preferred vector to exfiltrate valuable data from mobile devices. Yet, the flexibility they offer makes them irreplaceable for both work and personal usages. Today, companies cannot afford to forbid public apps usages to their collaborators, even in the most sensitive industries. However, it doesn’t mean they should turn a blind eye to app-related risks.

 

Read More

Google Play’s most downloaded shopping apps irresponsibly process users’ data

Posted by The Pradeo Lab on November 14, 2019

The largest online retailers in the world offer their products through mobile applications that are used by billions of customers. As a result, nowadays 82% of internet users shop online through their mobile device, according to a Statista report.

When a mobile application handles personal and financial data, it is required by data privacy laws, such as the General Data Protection Regulation (GDPR) and the Payment Service Directive 2 (PSD2), to embed security capabilities that’ll enforce privacy by design and prevent data breach.

The Pradeo Lab looked into Google Play’s 38 most downloaded shopping apps, shredding them with its app security testing tool. The results show they overly process personal data and handle them in a poorly secure manner.

 

 

Read More

SMS OTP Authentication: Not As Safe As You May Think

Posted by Roxane Suau on November 07, 2019

Most online transactions require a two-step authentication, and the One-Time-Password (OTP) sent by SMS is often one of those two steps. The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit card owner are one and the same. To do so, a temporary code is automatically sent by SMS to the phone number associated with the bank account used.

 

Read More