MobiSec

Thank you FITT IIT DELHI for organising Defence Expo & Demo Day and providing an opportunity to mobisec Technologies to pitch our solution and seek valuable feedback from senior military officers, bank executives and stakeholders in cybersecurity domain. #cybersecurity #defence

⚠️Workshop Alert!💳Smart Cards in Action 💡Build, burn & run security applications on smart cards + Learn to write real World applications for smart cards with the JavaCard Tech in this Workshop by Dr. Rajesh Pal Discover more➡️bit.ly/3P81AMZ #NullconGoa2022 #infosec

Flubot takedown How to identify Android malware?: Malware disguised as an app could be difficult to spot. Get suspicious of an app if (a) If you tap an app, and it doesn’t open (b) If you try to uninstall an app, an error message shows up. Remedy: Factory reset your mobile. <4/4>

Flubot takedown How Flubot affects me?: Steals passwords, online banking details and sensitive information from user’s smartphone. Accesses contact list to further spread itself. <3/4>

Flubot takedown In a nutshell: What is Flubot?: An Android malware that spreads through SMS. The message entices smartphone user to click a link in SMS that installs a malicious app. <2/4>

Flubot takedown Good news: An international law enforcement operation involving 11 countries takedown Flubot malware that was spreading like wide fire since 2021, declares Europol. <1/4>

Securing the enterprise managed mobile devices is essential to have a robust cybersecurity posture. CISA has recently published Mobile Device Cybersecurity Checklist for Organisations [1]. It is a good go-to checklist. [1] lnkd.in/gcbKMrcp #cybersecurity #mobilesecurity

Indian banking users are being targeted by Drinik Android malware since past three months to steal their banking account and debit card details. The people are lured to divulge their banking account details on pretext of Income Tax refund. See more at: linkedin.com/feed/update/ur…

Extraneous functionality may risk backend systems. Manual code review is most effective to identify extraneous functionality. Automated static and dynamic analysis tools may be useful in identifying log statements and other issues. #mobilesecurity #owasptop10

Most mobile apps are susceptible to reverse engineering. Use of obfuscation tools to obfuscate the app code is an effective deterrence against reverse engineering. See more at: linkedin.com/posts/mobiseci…

Code Tampering is modification of an App to create a malicious version. The attacker generally hosts tampered Apps in third-party app stores or tricks users to install the App via phishing attack. This exploitation is quite prevalent. Read more at linkedin.com/posts/mobiseci…

Poor Code Quality issue through which execution of foreign code within the mobile app’s address space becomes possible could be risky. Code review, static code analysis and fuzzing are recommended to discover and fix poor code quality issues.

By exploiting poor or missing authorization, attacker executes privileged/ administrative functionalities which are not entitled to him. Insecure authorization may result in destruction of systems or access to sensitive information. Read more at linkedin.com/feed/update/ur…

Cryptography is extremely essential in safeguarding the user's data – especially in a mobile environment where attackers can have physical access to the user's device. Read more: linkedin.com/feed/update/ur…

Offline/ local authentication can easily be bypassed on jailbroken devices. Therefore, authentication in mobile apps is recommended at the app’s backend server. Strong authentication protocol and anomaly detection at the backend server are useful to counter automated attacks.

Insecure communication is ranked third among mobile vulnerabilities by OWASP. The use of industry-standard encryption suites and trustworthy signed certificates can further help to mitigate the consequences of these vulnerabilities. #cybersecurityawareness #owasptop10 #owasp

Improper platform usage covers misuse of a platform feature or failure to use platform security controls resulting from an application's incorrect use of platform features or the failure to implement specific security safeguards. Read more: bit.ly/3iEvZEh

Insecure data storage vulnerabilities arise out of poor encryption when the development team assumes that users or malware won’t have access to a mobile’s file system. Mobile Security Testing platform like #mobiSCAN ensures that an app is free from Insecure Data Storage risks.

OWASP Mobile Top 10 is a guideline documented by global security experts ranking the most critical security risks affecting mobile applications. Read more here: bit.ly/36syow2 #cybersecurityawareness #mobilesecurityplatform #mobilesecurityawareness #owaspmobiletop10

In today's environment, mobile app security has become vital to protect mobile devices. A compromise in mobile security can not only offer hackers real-time access to the user's personal life, but also reveal data such as personal & banking information, present location, etc.