Jun 21, 2018

Last week it was reported again that, due to a bug in an iOS library distributed worldwide, more than 25 thousand iOS apps would become extremely vulnerable to attacks. “A bug in a popular iOS library means user data can be intercepted by attackers using any SSL certificate for any web server. As many as 25,000 iOS apps are vulnerable to man-in-the-middle attacks capable of stealing user data through the use of freely available SSL certificates.”

Before Android users start smiling, the figures for the Android universe are a whole different matter. It is reported that 930 million Android devices (please note: the link leads to a German website) are known to be vulnerable to attacks.

What both worlds have in common is the dependence on manufacturers: on their ability to find relevant bugs and on their ability to patch these bugs quickly once they have been recognized. This entire process, however, is beyond the control of users. In the case of Android, it is a fact that older versions are no longer being patched.

What can one do? KOBIL customers using mIDentity Protection do not have to worry about this issue, as it is not going to happen with mIDentity Protection. KOBIL provides an independent SSL stack with its own SSL Truststore. It works like a VPN connection, but in this particular case between a specific application and the services on the backend.

Naturally, KOBIL technology is not 100 percent immune to bugs; software is software, after all. In case of a bug, the KOBIL customer receives an SDK patch to use in combination with their app, so that the app is secure again within a very short time. Between the app, the device and the central services there is a constantly active connection, which checks whether an update is required. Unlike classic Android or iOS apps, mIDentity Protection is able to force an update of the app. This ensures, without having to rely on the lead time of Apple, Google or Android hardware manufacturers, that the safety of the user is never jeopardized before the app contacts the service again.

Markus Tak