Concern over app security has reached the point where the Outlook mobile app has been banned from use! The European Parliament has now blocked the Outlook mobile app for all types of smartphones at various organizations, companies and institutions. It was found that data and user credentials were being stored in the cloud, bypassing a number of security policies. Users were also advised to delete the app from their devices and change their passwords.
Even educational institutions such as the University of Wisconsin have asked to block the app from use by their students, especially campus leaders, campus IT and those who have been affected. Developer Rene Winkelmeyer discovered the flaw after finding he was still receiving notifications despite deactivating his device. He has urged all firms to block the app from accessing company mail servers until Microsoft rectifies the situation.
What specifically did the University of Wisconsin worry about?
The Outlook mobile app's login method runs through a cloud service, which has the ability to obtain all of the users' information. The Outlook mobile app stores the NetID and password in a cloud service. Additionally, it lets users connect their personal Dropbox, Google Drive and OneDrive accounts, so they can share information with consumer cloud services and open files on corporate networks, which poses a range of security risks. Also, multiple iOS devices cannot be distinguished due to an issue with ActiveSync, meaning administrators cannot see the difference between an iPhone and an iPad.
Subho Halder, Chief Security Scientist at Appknox, said that businesses and institutions often assume that companies like Microsoft cannot go wrong with such security issues. He added that he has himself discovered threats in applications made by Microsoft, Apple, Adobe, Facebook and many more.
Microsoft doesn't make any claims that devices will follow their ActiveSync security policies when the app is installed. It is thus each company's responsibility to take the time to investigate the security of products before using them. This could be done either directly, by raising questions with the app’s developers, or through third parties who can investigate the security of products.
The problems for Microsoft Outlook did not end there. More recently, it was disclosed that a hacker had been accessing some Outlook accounts since January 2019. The webmail credentials of a support agent were stolen and, as a result, the hacker was able to gain unauthorized access to several user accounts between January and March 2019. Microsoft officials reported that the hacker could have gained access to email addresses, email subject lines, and folder names but not the complete details and content of the emails and their attachments.
The number of users impacted by the breach was still not known to the company. The company also had no information about the hackers or what the purpose behind the attack really was. According to Microsoft, the hackers weren't able to gain personal user information or login details. However, as a precaution, the company has advised Outlook users to change their passwords.
If you'd like to know whether the enterprise app you are using is safe, just sign up for a free scan with us and we'll tell you whether you'd be affected.
As for businesses and app developers, mobile app threats are becoming common and are crossing boundaries. So, keep your consumers' data safe by making sure your app is secured before you face a hacking attempt.