Team finds many mobile applications are open to web API hijacking

phys.org | 7/12/2018 | Staff

Smartphones, tablets, iPads—mobile devices have become invaluable to the everyday consumer. But few consider the security issues that occur when using these devices.

Modern mobile applications or "apps" use cloud-hosted HTTP-based application programming interface (API) services and heavily rely on the internet infrastructure for data communication and storage. To improve performance and leverage the power of the mobile device, input validation and other business logic required for interfacing with web API services are typically implemented on the mobile client. However, when a web service implementation fails to thoroughly replicate input validation, it gives rise to inconsistencies that could lead to attacks that can compromise user security and privacy. Developing automatic methods of auditing web APIs for security remains challenging.
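The mismatch described above, as an added example that is not from the article or from WARDroid: a hypothetical order endpoint whose mobile client enforces three input rules, shown with a handler that trusts the client next to one that re-applies the rules on the server. All field names, rules and prices are constructed for illustration.

```python
import re

# Constructed rules that a hypothetical mobile client enforces before sending
# an order request. The server must enforce the same rules on its own.
RULES = {
    "quantity": lambda v: isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= 10,
    "email": lambda v: isinstance(v, str) and re.fullmatch(r"[^@\s]{1,64}@[^@\s]{1,255}", v) is not None,
    "coupon": lambda v: v is None or (isinstance(v, str) and re.fullmatch(r"[A-Z0-9]{6}", v) is not None),
}
UNIT_PRICE_CENTS = 1999  # constructed value


def validate(body):
    """Return a sorted list of rule violations; empty means the body is acceptable."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    # Reject fields the client never sends instead of silently accepting them.
    errors = [f"unexpected field: {k}" for k in body if k not in RULES]
    for field, ok in RULES.items():
        if not ok(body.get(field)):
            errors.append(f"invalid {field}")
    return sorted(errors)


def handle_order_naive(body):
    """Before: assumes the app already validated the input."""
    return {"status": 200, "charge_cents": body["quantity"] * UNIT_PRICE_CENTS}


def handle_order_strict(body):
    """After: re-applies every client-side rule before any business logic runs."""
    errors = validate(body)
    if errors:
        return {"status": 400, "errors": errors}
    return {"status": 200, "charge_cents": body["quantity"] * UNIT_PRICE_CENTS}


# Constructed requests: one the app would produce, one sent without the app.
FROM_APP = {"quantity": 2, "email": "user@example.com", "coupon": None}
NOT_FROM_APP = {"quantity": -3, "email": "user@example.com", "is_admin": True}
```

The naive handler returns a negative charge for the second request, while the strict handler rejects it with both violations listed.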


Dr. Guofei Gu, associate professor in the Department of Computer Science and Engineering at Texas A&M University and director of the SUCCESS lab, together with his doctoral students Abner Mendoza and Guangliang Yang, is working to combat these security issues.

Gu and his team analyzed 10,000 mobile apps and found that many of them are open to web API hijacking—something that potentially affects the privacy and security of tens of millions of business users and consumers globally.


The root of the threat lies in the inconsistencies that are often found between app and server logic in web API implementations for mobile apps. Gu's team created the WARDroid framework...
(Excerpt) Read more at: phys.org