BANKING VIA iPHONE: INSECURE, COULD BE WORSE
IMPROVED: Security in iOS banking apps, as tested by security consultancy IOActive Labs.
That computer in your pocket is used for very important things – selfies, checking Yelp reviews, occasionally voice communications – and increasingly for banking. As far back as 2013 Bank of America reported that more people accessed their account through their mobile app than their online login. IOActive’s Ariel Sanchez surveyed iOS banking apps in January 2014 and found a staggering number of security flaws. Returning to the subject this year, Sanchez notes a lot of improvement, but many apps still contain serious vulnerabilities. All of the surveyed apps require an HTTPS connection, but one in ten fail to properly validate the bank’s SSL certificate – this can allow man-in-the-middle attacks.
OF CHAINS, BLOCKS, BANKS AND STOCKS
APPROVED, by the Securities and Exchange Commission: Overstock.com’s plan to issue stock online, using the same blockchain that powers Bitcoin.
A blockchain is “a shared, trusted, public ledger that everyone can inspect, but which no single user controls” – and state-of-the-art cryptography protects the integrity of a blockchain’s info. Though mostly known for enabling “cryptocurrencies”, newer uses for blockchain technology have been mooted. The first moves are now being made, and other players are moving into the field: some 40-odd banks have signed on with R3’s (proprietary) distributed blockchain system, while the Linux Foundation’s Open Ledger Project intends to use a similar design to create an open-source alternative.
MATH WINS EVERY TIME
CONFUSED, by multiple parties: The difference between wishing and math.
Even as enterprises like banks see new uses for strong cryptography, we note calls by several public figures for “backdoors” or “workarounds” in encryption to fight criminals and terrorists. In the wake of attacks in Paris and San Bernardino (neither of which apparently depended on cryptography) various proposals have been floated for so-called “golden key” solutions – secret backdoors in encryption for legitimate entities. Unfortunately, this scheme is held to be imaginary, unworkable or worse by folks who actually implement security for real-world uses. As Apple CEO Tim Cook recently said, “You can’t have a backdoor that’s only for the good guys”. Further, a “golden key” would be a very attractive target to hackers, and the US government’s record on securing confidential information is shaky at best.
As well as weakening internet security with intentionally broken software, these proposals would be dreadful to implement and costly to maintain, would raise huge liability issues – and would drive global business away from American companies.
As always, thanks for reading these words, and remember what we truly believe here at SSL.com – a safer internet is a better internet.