Leading Enterprise Mobile Security Firm Finds Popular Travel Apps Put User Data at Significant Risk, Offers Businesses and Employees Advice in Time for Upcoming Travel Season
SAN FRANCISCO, CA--(Marketwired - Sep 15, 2015) - Bluebox Security®, the mobile app security and analytics company first to pioneer self-defending apps for consumers, BYOD employees and the extended enterprise, today released findings from its 2015 Travel App Security Study that highlight the deficient security stance of the top 10 most popular mobile apps for travel in both Android and iOS devices [1]. Bluebox's comprehensive research of more than a dozen security parameters revealed critical flaws present in all of the apps examined.
Travel apps, and consumer-facing apps in general, have changed significantly in recent years to make life easier for the consumer, with frequent updates to enhance usability and features. But in too many cases rapid advancements in these apps have completely overlooked security, increasingly creating numerous points of entry for attackers to access sensitive data.
Top Travel App Security Risks
The results of the Bluebox study show that the defensive measures in these popular travel apps remain in their infancy with an apparent need to reassess these safeguards. The Bluebox analysis uncovered many alarming discoveries including:
"All of the apps we reviewed could be modified and changed to act in ways other than what the developers intended, putting sensitive information at risk regardless of device," said Andrew Blaich, lead security analyst at Bluebox Security. "Data must be protected at the application level and security should be integrated into the development process. Without it, users -- enterprise employees and consumers alike -- could suffer damaging loss of important and personal information."
Bluebox Security safeguards data, at rest or in transit, within mobile apps. Organizations utilize Bluebox to transform any mobile app into a self-defending app with enterprise grade security to protect app data, and to defend against and respond to emerging mobile attacks. Spanning third party, internal and consumer apps built for and by the enterprise, Bluebox works directly with vendors and developers to secure the apps critical to enabling today's mobile-centric engagements.
Advice to Enterprise Security Teams
Bluebox Security offers recommended best practices for enterprise security teams that can be applied to any mobile app developed by an organization, and can help prevent the security issues discovered in the Travel App Security Study.
Advice to Employees
With bring your own device (BYOD) becoming a standard for organizations of all kinds, employees who download apps as consumers must also realize these apps can become an attack vector to the enterprise once they connect their mobile devices to the workplace ecosystem. With this in mind, employees should be aware of the source of their apps, confirming they come from certified Android or iOS app stores. They should also ensure they are using the latest available version of the app and OS in order to be covered by the most current security measures. Finally, employees should be cautious about using free un-secured wireless networks and should disable any certificate authorities they don't trust. [4]
To access the full whitepaper and detailed findings on the 2015 Travel App Security Study, please visit http://offers.bluebox.com/resource-top-travel-apps.html.
Notes
[1] Based on App Annie "iOS Top App Charts" and "Google Play Top App Charts" in 2015
[2] http://www.scmagazine.com/critical-remote-code-execution-vulnerabilities-in-stagefright-exploitable-on-95-percent-of-android-devices/article/428786/
[3] https://bluebox.com/blog/business/masque-attack-targets-ios-apps/
[4] https://bluebox.com/blog/technical/trust-managers/
Additional Resources
About Bluebox Security
Founded in 2012 by a team of security experts, Bluebox Security provides the leading mobile app security and management solution. Pairing deep mobile security expertise with dynamic app management, Bluebox ensures that enterprise security moves at the speed of mobile. The cloud-based solution helps enterprises securely enable mobile by protecting apps, detecting threats and responding quickly to keep data secure. Bluebox Security has received a total of $27.5 million in funding from Andreessen Horowitz, Tenaya Capital, Sun Microsystems co-founder, Andreas Bechtolsheim, SV Angel, and Google Board member Ram Shriram. The company is headquartered in San Francisco.
Contact Information:
Media Contact
Christine McKeown
Highwire PR for Bluebox
(415) 671-9707
bluebox@highwirepr.com