In the rush to embrace technology, there can be a blind spot for potential problems. Smart phone apps have taken over the world. People love them and use them for everything from planning dinner to finding a date to paying for parking. But smart phone apps have the same security issues as any other remote pay option, and there are bugs in the system that are hard to exterminate. According to softpedia.com, in England, some parking applications for Android do not secure customers’ private information.
But as the researchers looked closer at the encryption methodology, this false sense of security was quickly shattered, since it was also discovered that these apps did not validate the certificate they got from the server, used to establish the encrypted communications channel. This leaves users exposed to MitM (Man-in-the-Middle) attacks via proxy servers. The only condition would be that the attacker was on the same network as the app’s user.
From problems with the storage of passwords to the location of encryption keys, these apps might make parking easier, but that convenience could cost a lot more than anybody expects.
No technology is safe from thieves and hackers. They will find a way to get through all but the toughest security programming. For those who choose to implement mobile applications, the task is to start with bullet-proof systems and never stop updating those systems. Huge companies like Target or Blue Shield can absorb the financial and consumer relations fallout from a data breach, but a small parking company might not have the resources.
Read the article here.
