Security - Technology can't save us from human nature

Security - Technology can't save us from human nature

I went to a great meetup yesterday where Martin Alderson of Codified Security gave an informative talk on security considerations when writing mobile apps.

Headline considerations:

  • It's easy for someone to reverse-engineer your code once downloaded (slightly harder on iOS than Android)
  • Once the code is visible - have you got test/staging URLs in the code? Are they secured? They'd better be
  • Use HTTPS or TLS
  • Don't leave debug logging statements in your release code. Log output is easily viewed - were you logging your service endpoints, and (heavens above) usernames/passwords while testing? Oh dear

Now all the above is very good advice, and it reminded me of the book I'm currently reading - 'Surely You're Joking Mr Feynmann: Adventures of a Curious Character as Told to Ralph Leighton'. Richard Feymann was a theoretical physicist who worked on the atomic bomb project during World War Two.

What's this got to do with security?

Well, while at Los Alamos, Feymann developed a hobby of safecracking, and became well known for it. Quite how he avoided serious censure for demonstrating the ability to break into the safes holding top secret information, I don't know.

Well, just after the war, a certain Captain had secret documents in his safe, and there was a need for the documents when he was on holiday. Feymann was asked to crack the safe, but was beaten to it by 'the department locksmith'. When he quizzed the locksmith as to how he opened the safe so quickly, his response was "Well, the default combinations on these safes are 25-0-25 and 50-25-50. I tried these and the first one worked. He hadn't changed the combination from the default." Feymann then tried these combinations and could open 20% of the safes at Los Alamos.

Default passwords on hardware anyone? Nothing's changed in 70 years.

Need secure, custom software?

At Microsec, we have more than three decades of experience when it comes to bespoke software development. If you need a secure mobile app for your business, give us a call today on 023 9251 8250 and we'll chat through your requirements.

“We had considered "offshoring" development but there's no doubt that having a UK-based resource has been critical in developing cost-effective and technically sound additions to our services.”

Customer Testimonial