
Failing to Protect Customers’ Trust Will Impact Your Business

September 25, 2014 | Patriz Regalado

In my last blog post, “SSL Vulnerabilities in Your Mobile Apps: What Could Possibly Go Wrong?”, I reported on the latest threats facing many enterprises today, which arise because enterprises are failing to secure the trust in the mobile apps they’re developing for their end users. Researchers discovered that many of the popular mobile apps developed by reputable companies often do not implement SSL validation correctly, making them vulnerable to active man-in-the-middle (MITM) attacks. In a MITM attack, an attacker can replace a legitimate SSL certificate with one under his control and view and/or manipulate private information submitted by the user.

As a follow-up to my previous blog, I’d like to focus on the business impacts that these mobile app security vulnerabilities have on enterprises and why CISOs should keep them in mind.

Customer Privacy Breached

Adopting an app-based strategy for your customers is not easy and it comes with significant risks. As mentioned above, mobile apps with these SSL vulnerabilities are prone to MITM attacks that trick users into leaking sensitive data. These leaks are particularly threatening because consumers are using mobile apps to access banking records, healthcare benefit plans, and retail accounts. This creates security risks for enterprises because it requires them to expose backend systems and data via APIs, which means that consumers’ sensitive information is being placed at risk of compromise. Attackers exploit mobile apps that do not check the validity of SSL certificates by using fake unassigned certificates to attack end users. Attackers can intercept traffic on wireless networks used by mobile devices and insert the fake SSL certificates, inject malicious information-stealing code directly into the apps, and divert users to compromised sites to conduct fraudulent transactions without most users noticing the difference.

Brand Reputation Damage

When an attacker finds an exploit or flaw in your mobile apps that leaks your customers’ private information, be prepared for a PR nightmare, because this will surely make a very large splash in the media. Security and privacy issues can have a major impact on customer adoption of your mobile apps, damage your company's brand reputation, and even negatively impact revenue. Keep in mind that you will not always get a second chance to get it right with your customers.

Audit Failure

The Fandango and Credit Karma mobile apps failed to secure SSL and validate certificates and exposed consumers’ sensitive personal information. Both were heavily penalized by the FTC, and their cases should serve as a reminder of the seriousness of failing to secure and validate SSL certificates. By overriding the default validation process, Fandango undermined the security of ticket purchases made through its iOS app and exposed consumers’ credit card details, including card number, security code, zip code, and expiration date, as well as consumers’ email addresses and passwords. Similarly, Credit Karma’s apps for iOS and Android disabled the default validation process, exposing consumers’ Social Security Numbers, names, dates of birth, home addresses, phone numbers, email addresses, passwords, credit scores, and other credit report details such as account names and balances.

It is the responsibility of IT security teams and CISOs to ensure that they protect customers’ privacy and safeguard them from fraudulent or malicious activities. And to do this, organizations need to ensure their apps are not leaking private information, ensure trusted connections to services, and have the right intelligence to ensure trust between the business and the customer.
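One way a security team can check its own apps for the failure described above, code that overrides or disables default certificate validation, is a source scan run before release. The sketch below is an added example, not code from this post or from Venafi; the rule names, sample sources and file names are constructed, and the matched idioms (an empty `checkServerTrusted`, a `HostnameVerifier` that always returns true, `ALLOW_ALL_HOSTNAME_VERIFIER`, a WebView `onReceivedSslError` that calls `proceed()`, AFNetworking's `allowInvalidCertificates`) are common examples chosen here, not a list the post provides.

```python
import re

# Idioms that override the platform's default certificate validation.
# Illustrative and not exhaustive; regex matching is a heuristic, not a parser.
RULES = [
    ("android-empty-checkServerTrusted", re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\s*\{\s*\}")),
    ("android-hostname-verifier-returns-true", re.compile(
        r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}")),
    ("android-allow-all-hostname-verifier", re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER")),
    ("android-webview-proceeds-on-ssl-error", re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)")),
    ("ios-afnetworking-allowInvalidCertificates", re.compile(
        r"allowInvalidCertificates\s*=\s*(?:YES|true)")),
]

def strip_comments(source):
    """Blank out // and /* */ comments, keeping newlines so line numbers hold."""
    # Heuristic: text after "//" inside a string literal is blanked as well.
    blank = lambda m: re.sub(r"[^\n]", " ", m.group())
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, source, flags=re.S)

def scan(path, source):
    """Return sorted (path, line, rule_id) findings for one source file."""
    clean = strip_comments(source)
    findings = []
    for rule_id, pattern in RULES:
        for match in pattern.finditer(clean):
            line = clean.count("\n", 0, match.start()) + 1
            findings.append((path, line, rule_id))
    return sorted(findings)

# Constructed sample sources (not taken from any real app).
SAMPLE_ANDROID = """\
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException { /* accept anything */ }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
"""
SAMPLE_IOS = """\
AFSecurityPolicy *policy = [AFSecurityPolicy defaultPolicy];
policy.allowInvalidCertificates = YES;  // TODO remove before release
"""
SAMPLE_DEFAULT = "HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();\n"

if __name__ == "__main__":
    for name, src in (("TrustAll.java", SAMPLE_ANDROID), ("Api.m", SAMPLE_IOS)):
        print(scan(name, src))
```

A clean scan does not prove validation is correct; it only shows that none of these known override idioms is present, so it complements rather than replaces testing the app against an untrusted certificate.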
