December 21, 2016 - Shane Stevens
This Holiday Season Beware Prying Eyes

This holiday season’s breakout gift for the younger set, Hatchimals, were scarce even on Black Friday. However, at least in their current form they’re unlikely to spy on you. The same can’t be said for this year’s in-demand, slightly older demographic equivalent, drones.

As most of us are acutely aware, drones are naturally, albeit passively intrusive. Still, that doesn’t make them entirely benign and based on how much people talk about the all-around need for privacy, it’s hard to speak of drones and keeping sensitive information completely private. I know all about this firsthand. Let me explain.

In the interest of full disclosure, count me in among those drone devotees who thinks it’s pretty cool to steer a whisper quiet drone around the house (and in its immediate vicinity) to spy on my family as they embark on a family-friendly Nerf war. Following one side raising the obligatory white flag, I replayed the video for the family to see for themselves the many images the drone captured over the course of its journey: my nephew entering in his code to his mobile phone; a neighbor tapping away on his home’s keypad, presumably to enable or disable his alarm system; and my wife purchasing items on her tablet with a credit card. These are just a handful of instances that stood out for me and they should do much the same for you.

The bigger concern? What happens to the data that’s been collected if the app gets hacked? An article on spy toys published recently in Security Week puts a fine point on this by suggesting that Internet connected devices can collect private conversations without limitations on collection, use, or disclosure of personal information as a result of no meaningful data protection standards. Think about the impact of a cybercriminal getting access to a device to gain insightful information at their will?  I’m not sure about you, but that gives me a deep chill down my spine.

In thinking about the convergence of mobile convenience and new interactive technology, many of the product developers just want to be the first to the marketplace, thus security is a secondary thought, leaving vulnerabilities to be exploited within the mobile application/device.  With the continued increase in sophistication of hacking attacks, the Commission on Enhancing National Cybersecurity warning should ring loud and clear: Mobile security needs to be a priority today!

The world in which we live is advancing rapidly. In the age of digital transformation, it is affecting everyone and, when it comes to Wi-Fi or Cellular enabled gadgets and toys, everything. Writing in Security Week, contributor Adam Ely suggests the new endpoint is the mobile app; it’s our interface with the user and how data and transactions come into the enterprise, service provider or financial institution in the first place. As Ely further contends, protecting those apps is also our best chance to protect our mobile world by managing them, securing them, and using them to safeguard the data that end users consume and produce.

This intersection of security and the convenience of mobile apps drives peace of mind that results in customer trust along with an optimal mobile first experience. Runtime Application Self-Protection (RASP) Security is one part of our mobile app security suite that protects the integrity of mobile applications to ensure neither data nor transactions are compromised.

So whether it’s a drone, robot, an electronic game or even a banking, travel or entertainment app, take a step this holiday season and do what is right for the sake of your customer — wrap your app with RASP technology. Contact the solution consultants at VASCO to help keep this and every holiday season safe.

Runtime Application Self-Protection Is Critical for Mobile App Security


Leave a Comment