Simple oversights may let attackers into applications

The IT security world has been abuzz after the recent hacking of tech journalist Mat Honan's entire app infrastructure, including the systems governing all of his Apple devices. According to InformationWeek, there are simple steps that can prevent these types of attacks. Some of them involve simple, improved consumer behavior. Others have to do with the structure of applications themselves, namely authentication procedures.

App loopholes persist

According to the source, some of the changes to prevent another customer-service-enabled hack from occurring could rest within the applications themselves. InformationWeek suggested companies rethink both the content of security questions and the manner in which they are presented. When users are able to pick their own security questions, they are much less likely to fall victim to a hacker armed with their basic background information, according to the news provider.

The source also suggested that app programmers include code to make sure a password reset event notifies the user on each of his or her devices. Making customers aware of every change to vital information could help them defeat hackers before damage is done.

Value of testing

Many companies may not know that their applications are vulnerable to outside attack. Application penetration testing can help identify any type of vulnerability, as testers can simulate a wide variety of attacks. Malicious users can employ tactics ranging from brute-force, software-enabled requests to the kind of social trickery that exposed Honan's systems. An expert opinion could alert companies to opportunities for both insiders and outside attackers to compromise an app environment.

High-profile case

The security of digital logins and applications is likely to be heavily discussed in the weeks ahead. Mat Honan, victim of the severe Apple attack, detailed the entire ordeal in a series of Wired reports. He recently stated that it took $1,690 worth of work to recover his personal information and files.