
MassTransit_February_2017

Top 7 Security Mistakes When Designing a Mobile App

By Chris Weber

As transit systems embrace mobile apps as a new way of connecting with customers, it is crucial that they prioritize security.

Mobile apps — and in particular mobile-based payment systems — can be a double-edged sword for mass transit systems. While mobile apps offer new opportunities for riders and transit authorities, they may also increase the risks of hacking, identity theft, fraud, extortion and service disruption if not handled correctly. Transit authorities must consider the full slate of risks with mobile apps before launching these products into the market.

Attacks on mobile devices, apps and the back-end servers that run this software are increasingly common, and will continue to be a top target for cybercriminals. In fact, the majority of internet security reports (McAfee, Symantec, TrendMicro, Kaspersky, Verizon, etc.) have noted a steady increase in mobile attacks and mobile malware since at least 2012, with most predicting this trend will worsen in the coming years as mobile technology becomes even more ubiquitous.

The risks to transit users should be obvious, not only because of the recent “ransomware” attack on the San Francisco Municipal Transportation Agency (SFMTA), but also due to the steady rise of high-profile attacks, fraud attempts and other problems with popular mobile apps in recent years, including Starbucks, Samsung’s LoopPay, Venmo and more.

Central to this threat is the failure of mobile app design, as security mistakes are rampant in the mobile development space. Consider NowSecure’s 2016 Mobile Security Report, which found that 25 percent of mobile apps include at least one high-risk security flaw. Additionally, Symantec’s 2016 Internet Security Threat Report found a 214 percent increase in new mobile vulnerabilities since 2013.

For mass transit authorities, it is critical that they address these common security mistakes in order to protect their riders, as well as their own networks and systems, when making mobile apps available.

Here are seven security mistakes to avoid:

Failing to understand how the app puts users, devices and systems at risk.

The first step is to understand the full set of risks the transit authority and its customers may encounter through the mobile app. “Threat modeling” is an exercise that will help the organization to understand potential threats and attacks, allowing it to develop both mitigations and contingency measures up front.

24 | Mass Transit | MassTransitmag.com | FEBRUARY 2017

