A new update from the Federal Trade Commission (“FTC”) highlights that mobile apps remain a key security weakness. In connection with its recent investigation of mobile apps from Fandango and Credit Karma, the FTC has warned consumers that app developers (even those with the best of intentions) continue to drop the ball, both in ensuring that the security they deliver matches what they promise and in encrypting data.
Notably, these firms failed to validate security certificates to ensure that sensitive information, such as credit card numbers and social security numbers, was being delivered to the verified, correct location. Such a hole in application security opens the door to a “man-in-the-middle” attack, in which an attacker could easily “spoof” traffic via an intentionally fake website that mimics the online services, or simply intercept the data.
Further compounding the situation, the FTC notes that many mobile users routinely send sensitive data over open, unencrypted public Wi-Fi hotspots. This often innocent mistake can leave personal data ripe for a hacker’s taking when the applications in use don’t take the proper precautions to secure customer data. The FTC recommends that users disable the settings on smartphones and tablets that allow automatic connection to nearby open Wi-Fi networks.
With the average total organizational cost of a data breach in the U.S. weighing in at $5.4 million (according to a recent Ponemon 2013 Cost of Data Breach study), can you afford to take the risk that your mobile applications are not being vetted for data security?
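To make the certificate-validation failure described above concrete, the following added example (not code from the FTC, Fandango or Credit Karma) audits three client TLS configurations built with Python's standard `ssl` module. Python stands in for the mobile platforms here, and all function names are hypothetical.

```python
import ssl

def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for a client TLS context; an empty list means the
    server's certificate chain and hostname are both validated."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings

def no_validation_context() -> ssl.SSLContext:
    # The weak setting: traffic is still encrypted, but to whoever answers.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context() -> ssl.SSLContext:
    # Subtler gap: the chain is verified, but a valid certificate issued
    # for any other site is accepted in place of the intended server's.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def validated_context() -> ssl.SSLContext:
    # Library defaults: CERT_REQUIRED plus hostname checking.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    for build in (no_validation_context, chain_only_context, validated_context):
        print(f"{build.__name__}: {audit_tls_context(build()) or 'ok'}")
```

A check like this can run in a build pipeline against whatever TLS configuration the app's networking layer constructs, so a debugging shortcut that disables validation does not ship.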
To discuss your own mobile app security efforts, the FTC’s latest alert or how a risk assessment is a crucial step in your development process, feel free to contact us at info@SmartEdgeLawGroup.com or 203 307-2665.