InformationAge just published a post entitled “Preventing security threats – why are we not there yet?“. They refer to Wandera’s recent analysis of mobile security, data usage, trends and traffic patterns across its network of enterprise mobile devices. It identified three areas to look at to proactively protect a mobile estate. According to Wandera
Browser threats are commonly ignored by the mobile security community when it comes to mobile devices. This is the weakest link and a vector for the next growth phase of mobile malware.
While some mobile browsers offer less security than others, it’s not entirely true to say that they are the weakest link. What Wandera and other security companies haven’t yet realized, is that in-app-browsing is the weakest link.
Apps that have a ‘WebView’ allow users to open and share web links inside the app, instead of the native browser. Slack, HipChat, Yammer, Skype, Facebook Messenger are just a few examples of collaboration/chat apps that have the ability to display web content inside the app WebView. None of them check the validity of URLs before opening webpages and most apps don’t even display the URL. They also lack visual indicators that help identify trust information.
Some apps are starting to take it further. To provide a richer web experience inside their app, they automatically fetch content from the website as soon as the URL is sent and then automatically displays that content on screen. Imagine how embarrassing it would be if a colleague thought it would be funny to send you a link to a porn site while you’representing to a group of people – boom, automatically displayed without you having to click a link.
Here’s a message I received today from a very senior member of the UK Government, responsible for entire departments.
We use HipChat across a number of teams as a core way of communicating and building team culture over multiple sites and multiple projects.
The challenge we have is that we have a range of countermeasures in place for other communication channels such as email but as we move to new channels we face new challenges.
Any additional capabilities which can be integrated with core services such as HipChat would be hugely useful and helpful to us.
While it’s true that HipChat doesn’t offer a security service to protect you from potential phishing attacks today, we are working closely with them on the build of a ‘Security Integration’ that will allow its 49,000 enterprise customers to enable safety across all chat rooms with two clicks.