There has been a spate of security flaws across a number of tech applications and software over the past twelve months, the most prominent being Sony’s meltdown when hackers claimed to have stolen as many as 2.2 million credit card details from the roughly 70 million users across the PlayStation network.
The latest app to fall foul of such a security breach is the infamous Snapchat. For the uninitiated, Snapchat is an app that allows users to share photos with friends that instantly disappear without a trace after 1-10 seconds, depending on the deliverer’s settings.
Hackers have now collected usernames and phone numbers of around 4.6 million users, having exposed a security lapse in the ‘Find Friends’ feature, which was apparently at the heart of the breach. Christopher Soghoian, principal technologist with the American Civil Liberties Union, exposed what he believes to be an even more disturbing problem, in that they “demonstrated a cavalier attitude about privacy and security”, following reports that security experts had warned the company on at least two separate occasions about a vulnerability in its system.
What is truly disconcerting is the precedent that these security flaws seem to set for not only existing software but future products and updates as well. What measures can we take to ensure that our sensitive information isn’t hacked, sold and distributed across the web?
Gartner security analyst Avivah Litan said phone numbers were not considered “sensitive” personally identifiable information – such as credit card or social security numbers – so they are collected by all sorts of companies to verify a person’s identity.
A phone number is “not as bad as password or magnetic strip information, but it’s the piece of the puzzle that criminals need to impersonate identities”, she said.
However, according to a new report by Forrester Research, mobile security risks are moving to apps, mimicking the traditional computing space in which security and risk professionals first targeted networks and devices and then progressed to applications.
The Forrester Research report cites three reasons for directing security to apps:
1. Security and risk professionals have little control over mobile networks, devices and OSs. Operating system vulnerabilities show no correlation to the number of threats against them, reports Forrester, citing “Symantec Internet Security Threat Report 2013.” The top layer of the security stack, therefore, is the primary point of risk within mobile.
2. Employees are using multiple personal devices at the office, home and while travelling to view private and strategic corporate data.
3. Mobile apps are updated more frequently than traditional PC applications, making it hard for security and risk personnel to keep up with the rapid pace of device expansion.
Despite obvious concerns across the Snapchat community, this latest hack is claimed to be without malicious intent; in a statement emailed to website TechCrunch, the hackers said: “Our motivation behind the release was to raise the public awareness around the issue”.
As technology enthusiasts, we’re all aware of the dangers the internet poses in exposing sensitive information; but with increasing fears about the levels of security in start-ups and established brands alike, consumers are becoming wary of what personal details should be posted and where.