Tag: cyber attacks

LoopPay hack will not affect Samsung’s mobile commerce customers

Hack against LoopPay conducted by Chinese group

LoopPay has been targeted by hackers, which has caused concern among consumers using Samsung Pay. LoopPay was acquired by Samsung earlier this year, and this company’s technology is central to Samsung Pay. The hack was noted as being a sophisticated attack by a supposedly government-affiliated group in China. The actual attack occurred back in march of this year, but several events associated with the attack have been identified by LoopPay and Samsung since then.

Digital attacks continue to grow in frequency in the mobile commerce space

Digital attacks are becoming more common in the mobile commerce space, where a great deal of money is now flowing. Because many organizations involved in this space have very limited experience when it comes to mobile payments and the technology needed to secure them, they have become prime targets for malicious groups that seek to exploit the financial information of consumers. Over the years, large organizations have reported cyber attacks on their mobile payments systems, which has lead to the information of millions of consumers being compromised.

Samsung notes that the attack will not affect Samsung Pay users

Mobile Commerce - hackWhile the attack is considered significant, Samsung suggests that it is nothing more than an isolated incident. As such, the information associated with Samsung Pay itself, such as the financial details of consumers, has not been compromised. The company claims that those using Samsung Pay will not have to worry about their information being exploited, but consumers may want to take steps to ensure that their information is secure nonetheless.

Security continues to be a major issue for the mobile commerce space

Security, or lack thereof, has been a major problem that has plagued the mobile commerce space for years. Several companies have become involved in this sector, but they have not been able to keep up with the digital risks that exist therein. Without adequate security, consumers have begun to lose faith in mobile commerce as a whole, which has driven them to remain firmly within the realm of traditional commerce and e-commerce, where they are more comfortable.

Headline hacks aren’t enough for a mobile security boost

Despite the fact that there have been many high profile cases of cyber attacks, apps remain vulnerable.

A recent study conducted by Bluebox has shown that virtually no travel apps have gone to the extent of adding encrypted data to protect them from mobile security breaches, and several are made with vulnerable code.

Even though there have been countless cyber attacks in recent headlines, added security hasn’t become a priority.

The attacks to companies as large as Target and Ashley Madison could have acted like a mobile security wake up call, but it’s clear that this has not been the case. Even though the evidence is strong that mobile app security is important to consumers, and there is great concern about hacks among companies and individuals, alike, app developers don’t seem to be building it in. Bluebox, a mobile app security and analytics company has conducted an analysis that has shown that the average person is surprisingly vulnerable to hacking through mobile devices.

The focus on the mobile security study was primarily on travel apps, which showed considerable holes.

Mobile Security BoostAmong 10 top Android travel apps, Bluebox found that only one of them had encrypted the data that it was storing on the user’s device. Among 10 of the top iOS travel apps, there wasn’t a single one that had encrypted the data stored on the device. Furthermore, only 2 out of the 10 Android apps that were analyzed and only 1 of the 10 iOS apps analyzed had used certificate pinning. Bluebox explained that certificate pinning is “a key capability for securing app data in transit.”

The lead security analyst at Bluebox Security, Andrew Blaich, explained that among the most important activities of a mobile app is to ensure that it is encrypting data that is written. He also pointed out that “We also want to make sure that the data is not easily accessible at all.” Of all the apps that were analyzed in this study, only one of them had actually employed data encryption.

That said, it was pointed out that in that instance, this mobile security step was “hard-coded into the source code,” which means that it would still be simple for someone to decrypt the data from the source code.