Talk about 5G is everywhere right now, from the trade war with China to the ban on Huawei. Here's what 5G is and why it matters.Technologyread more
Officials remained firmly committed to a "patient" policy stance at their meeting earlier this month.The Fedread more
A slew of retail earnings the past two weeks makes it clear that while Americans continue to shop, they aren't ringing registers at department stores.Retailread more
A federal judge in New York City on Wednesday said Deutsche Bank and Capital One can turn over financial documents related to President Donald Trump and his businesses in...Politicsread more
Shares of L Brands, the owner of Victoria's Secret and Bath & Body Works, rose nearly 11% in aftermarket trading Wednesday after the company reported it beat revenue and...Retailread more
Stocks that would benefit from a federal infrastructure spending program fell after President Trump ended a meeting on infrastructure spending with Democratic leaders.Market Insiderread more
Despite the president's claim that "you can't investigate and legislate simultaneously," certain must-pass pieces of legislation, including a debt ceiling hike, will...Politicsread more
CNEX, backed by Microsoft and Dell, filed new allegations in a Texas suit accusing China's Huawei and an executive of trade secrets theft.Technologyread more
Amazon shareholders demanded the company to take action on a number of different issues during its annual shareholder meeting on Wednesday.Technologyread more
Moody's said it's downgrading the outlook for Equifax from stable to negative, citing ongoing fallout from the company's 2018 data breach.Technologyread more
Controversial lawyer Michael Avenatti was indicted on charges of trying to extort athletic shoe giant Nike out of tens of millions of dollars by threatening to go public with...Politicsread more
With alarming frequency, companies disclose data breaches or hack attacks that compromise the personal data of their consumers. Yet a new fear that may keep company executives up at night may not be from hackers, but the risks posed by their own client base.
A new study from Bluebox found that popular mobile applications like Hulu and Tinder have major security holes that allow hackers to fool the system into believing they obtained a premium account, when, in fact, they hadn't actually paid. The study suggested these apps have flaws that lack basic defense capabilities that guard against tampering.
Considering their large user bases, it could mean these popular apps could end up losing money, especially as the landscape becomes increasingly competitive and premium subscriptions become a revenue driver for developers. Hulu, for instance has a commercial-free option for $4/month in addition to its regular $7.99 subscription fee. It is estimated that the company's earned around $1.6 billion from both subscriber and advertising revenue in 2015.
"The mobile app ecosystem is still in the very early stage of security," Andrew Blaich, lead security analyst at Bluebox Security told CNBC. "Most of them are not protected and not secured."
The findings come at a time when the app economy is booming. According to eMarketer, mobile download and in-app revenue is projected to hit $10.4 billion this year, after growing from $7.7 billion in 2013.
The study conducted by Bluebox examined three popular mobile apps: Hulu, Tinder and Kylie Jenner's official mobile application that gives users an exclusive peek into the world of one of the Kardashian's more famed siblings. Bluebox's study also found that hackers can easily disable advertising, access premium features for free, and bypass subscription payments. The firm worked with all three app makers to resolve the problem.
The problem with phony premium pays, however, is hardly unique to those three developers. Apple and Google Play stores account for the majority of app downloads, but more than 40 percent of consumers download apps using other methods. Bluebox said that gray area is where the majority of paid subscription circumvention takes place.
Still, most companies are primarily worried about hackers breaking into their customer information.
"We're seeing them scramble to build out their apps to protect ... personal information of users," Blaich said. "But you have to start thinking about the revenue stream, as an enterprise developer, if your revenue stream can be bypassed — and if all it takes is one app that can circumvent your payment code, you should be concerned."