What is a commonly exposed mobile application vulnerability?
- insecure data storage
- SQL injections
- user enumeration
Explanation: Threat actors can gain access to and control mobile devices through compromised mobile applications, even though both Android and iOS are relatively secure. Some of the most widely exposed vulnerabilities are as follows:
- Insecure communication – The communication technology and channel must be secured. When there is weak negotiation, poor handshake practices, and the use of incorrect versions of SSL, the communication is not secure.
- Insecure data storage – Many applications have access to data storage areas of mobile devices, even though they may not need it. Data storage must be secured and applications must be tested to ensure there is no data leakage.
- Insecure authentication – A session must be managed properly to ensure that it is performed securely. Users must be identified when necessary, and their identity must be maintained securely.
- Improper platform usage – Mobile apps use features built into the platforms such as TouchID, Keychain, and Android intents. Should these security controls be misused, access to the device and other apps can be compromised.
- Insufficient cryptography – The cryptography used to encrypt sensitive data must be sufficient and must be applied when necessary.