Published on June 2nd, 2020 📆 | 5588 Views ⚑
0New Android vulnerability called StrandHogg 2.0 identified (Includes interview)
The vulnerability has been included in the May 2020 Android Security Bulletin (CVE-2020-0096) and it represents a significant risk to consumer devices. To understand more about the risk, Digital Journal spoke with Sam Bakken, Senior Product Marketing Manager at OneSpan. Bakken responsible for OneSpanâs mobile app security portfolio. OneSpan develop security and anti-fraud solutions for more than half of the worldâs top 100 banks and thousands of other enterprises.
Bakken begins my explaining why smartphone apps are targeted by hackers: âMobile apps practically have a target painted on their back. Promonâs recent malware vulnerability discovery dubbed âStrandHogg 2.0â is the latest example of what dangerous malware could do if exploited in the wild â possibly exposing Android usersâ mobile banking credentials and access one-time-passwords sent via SMS."
Bakken looks at how apps and devices can be better protected going forwards: "With While the potential for damage is pretty clear, there are steps app developers can take to protect apps and users against threats such as these. Android users should update their device to the latest version of Android. Unfortunately, depending on the device manufacturer and a userâs service provider/carrier that may not be possible. This is why app developers and especially developers of mobile financial services apps need to take note."
However, there will remain cybersecurity concerns with mobile apps, as Bakken explains: "This latest vulnerability serves as a reminder that thereâs no reliable way to know the precise security status of mobile devices on which your mobile app operates. Developers have no real way of knowing whether a userâs device is riddled with vulnerabilities, or compromised with malware or not. This is why advanced security such as app shielding and runtime protection that travels with the app to defend it even in hostile conditions is crucial to a complete, layered approach to mobile app security.â
Gloss