Welcome to the April 2016 issue of the Computing Security Newsletter
You may well recall how, just a short while back, Google released patches that set out to tackle the latest collection of Android security blunders, ten of which have been classed as high priority. But even these last-ditch attempts to ensure the security of users’ devices fell short of the vulnerabilities they are faced with. So the response was to beat something of a retreat and make those patches only apply to Nexus devices in the short term.
All a bit messy and prompted some timely cautions around the industry. One such came from Tom Lysemose Hansen, founder and CTO at Norwegian app security firm Promon, who warned that developers should protect each app individually, rather than only relying on the unstable protection offered by Android. Hansen commented on the contradiction of attempting to establish perennial security, while leaning on the crutch of regular patching:
“App security shouldn’t be a game of one-upmanship with reams of customer data sacrificed at each turn,” he said. “As well as securing against the most recent flare-up of malware, developers must also account for future threats. Although hackers’ techniques have become increasingly sophisticated, their success comes down to their use of a variety of approaches: they need only succeed once.”
Patching can be effective, but in the wake of a successful attack on a device, it’s like shutting the gate after the horse has bolted,” Hansen added. “That the user is still made to rely on inconsistently released patches is absurd. Instead, app developers must pick up the slack left by the inadequate security offered by Android’s OS and ensure multiple layers of defence, so users are not made to bear the brunt of future malware.”
The general message coming across is that users can’t simply rely on patching and, until this issue is properly dealt with, developers must take urgent steps to introduce security at the level of the application. Commonsense? Yes. Widespread practice? If only!
How soon biometrics might become mainstream across all business sectors is now the big question, especially as cyber attacks continue to hit unprecedented levels.
To make sure you get your copy of the Newsletter emailed to you personally, every time, click here to register.
Brian Wall, Editor
Follow us :