It takes about 8.5 minutes for a mobile application to get hacked

In 2019, global research group Aite carried out penetration testing on 30 financial service applications. On average, it took less than 10 minutes to break into their databases. In 2019, there was an increase in several highly sophisticated hacking threats, such as BankBots. During the year 2019 Google Play Protect blocked 1.9 billion malware installs. Yet, in the past decade, most popular applications have been hacked at one point or another. Here’s a list of the most popular breached apps:

1. Facebook

Application with nearly 700 million downloads in 2019. Was it ever hacked? Glad you asked. Yes, it did get hacked back in 2016. At first, Facebook reported that hackers stole 50 million users’ personal information. After further investigation, Facebook said that 40 million other users could have been affected as well. It’s concerning that Facebook requires almost all possible permissions on your phone. They want to access your location, internal storage, and even text messages. Collecting all of that information, it is one of the most dangerous applications on your phone. Due to many user privacy violations, the Federal Trade Commission (FTC) fined Facebook a record-setting $5 billion.

2. WhatsApp

WhatsApp is dominating the download charts, with nearly 900 million downloads in 2019. Even though the company’s system didn’t get hacked, there are many vulnerabilities within Whatsapp.

Even the richest man in the world isn’t safe from WhatsApp security issues

Recently, Jeff Bezos’ phone was hacked by Saudi Arabian Prince Mohammed bin Salman (MBS). The effort to hack Bezos’s phone goes back several years. In 2017, the Saudi Arabia bought Pegasus 3, a sophisticated spyware software. Later, in 2018, March 21st, Saudi Prince invited the Amazon CEO to a dinner party. They exchanged contacts via WhatsApp. Shortly after, Bezos received a video from MBS, which contained the spyware. In January of 2020, Facebook, the owners of WhatsApp, confirmed that video messages were able to install spyware on users’ phones.

Saudi embassy shared their response to the cyber attack claims:

Currently, the United Nations are investigating Saudi Arabia’s role in this hack.

3. Uber

Users downloaded the Uber application over 165 million times last year. Not only did they get hacked, but they also paid a 100,000$ ransom to the hackers to keep the data breach in secrecy. In total, 57 million users were affected by this hack. Uber stores your payment details, which is extremely dangerous if hackers could intercept this information. As claimed by Uber, riders’ credit cards or bank account numbers remained safe. However, hackers did steal 600,000 drivers licenses. Illinois Attorney General Lisa Madigan said that this is one of the most egregious cases she has ever seen. Uber was fined 148$ million for not notifying users about the hack.

4. Tumblr

With over 3.5 million reviews on Google Play Store, it’s one of the most popular applications. After getting acquired by Yahoo back in 2013, hackers were able to get into their internal database. The attackers stole 68 million users’ passwords and emails. Tumblr defends their case by saying that the stolen passwords were hashed. It means that the passwords were turned into a scrambled representation of itself. But, hackers had the details for an extended period and could have decrypted them. Tumblr does not share what methods they used to hash the passwords. It is possible that the method was outdated and had vulnerabilities. It might have been just another hoop the hackers had to jump through to get the exact details.

What are the biggest cybersecurity risks for 2020?

Every year hackers come up with more sophisticated attacks. In the year 2019, hackers focused on mobile banking applications. The use of BankBot became popular. This malware overlays your screen mimicking your banking application, and when you enter the credentials, they are in the hackers’ hands. Also, BankBot is capable of intercepting messages, which makes SMS 2-factor authentication vulnerable. For 2020, we can expect this method to become even more popular. Hackers are attracted to this hacking method. The financial gain is immediate since you do not need to resell the information to third parties.

To protect your mobile devices, using a VPN is your best bet. One of the most common ways hackers steal your details is when you are using unprotected public WiFi. However, when connected to a VPN, your internet connection is encrypted. Encrypted data looks like gibberish to anyone who intercepts it.