New breed of hack may hit apps’ bottom line

Saturday, 13 Feb 2016 | 5:00 PM ET | CNBC.com

With alarming frequency, companies disclose data breaches or hack attacks that compromise the personal data of their consumers. Yet a new fear that may keep company executives up at night may stem not from hackers, but from the risks posed by their own client base.

A new study from Bluebox found that popular mobile applications like Hulu and Tinder have major security holes that allow hackers to fool the system into believing they have a premium account when, in fact, they haven’t paid. The study suggested these apps lack basic defenses against tampering.

Considering their large user bases, these popular apps could end up losing money, especially as the landscape becomes increasingly competitive and premium subscriptions become a revenue driver for developers. Hulu, for instance, has a commercial-free option for $4/month in addition to its regular $7.99 subscription fee. It is estimated that the company earned around $1.6 billion from both subscriber and advertising revenue in 2015.

“The mobile app ecosystem is still in the very early stage of security,” Andrew Blaich, lead security analyst at Bluebox Security, told CNBC. “Most of them are not protected and not secured.”

The findings come at a time when the app economy is booming. According to eMarketer, mobile download and in-app revenue is projected to hit $10.4 billion this year, after growing from $7.7 billion in 2013.

The study conducted by Bluebox examined three popular mobile apps: Hulu, Tinder and Kylie Jenner’s official mobile application that gives users an exclusive peek into the world of one of the Kardashian’s more famed siblings. Bluebox’s study also found that hackers can easily disable advertising, access premium features for free, and bypass subscription payments. The firm worked with all three app makers to resolve the problem.

The problem with phony premium pays, however, is hardly unique to those three developers. Apple and Google Play stores account for the majority of app downloads, but more than 40 percent of consumers download apps using other methods. Bluebox said that gray area is where the majority of paid subscription circumvention takes place.

Still, most companies are primarily worried about hackers breaking into their customer information.

“We’re seeing them scramble to build out their apps to protect … personal information of users,” Blaich said. “But you have to start thinking about the revenue stream, as an enterprise developer, if your revenue stream can be bypassed — and if all it takes is one app that can circumvent your payment code, you should be concerned.”
