Latest news with #SubhoHalder


Newsweek
08-07-2025
- Newsweek
You Might Never Need to Change Your Password Again
Passwords have been ubiquitous to online activity since the invention of the internet, but experts told Newsweek that may not be true for much longer. Developments in artificial intelligence and new authentication systems mean that traditional passwords are rapidly being upgraded or replaced with biometric security options, something far harder to steal or replicate than a memorised string of characters.

Why It Matters

Most people's password etiquette falls short of where security experts say it should be. In the U.S., the most common password length is only eight to 10 characters, and a significant portion contain only lowercase letters and digits, making them vulnerable to brute-force attacks. Because of this, and the instant access they grant, passwords are the most desirable piece of information a hacker or fraudster can obtain, and the bulk of scamming techniques are designed to get them, giving criminals access to devices, computer networks, or even bank accounts.

The Future of Passwords

For many users, entering passwords manually is already a thing of the past, with top-level password managers offering a supposedly safe way to store and enter passwords automatically. However, Subho Halder, co-founder and CEO of security firm Appknox, told Newsweek that password managers have major problems of their own, and that Multi-Factor Authentication (MFA) is one of the most reliable ways to boost the strength of any password-based security system.

"Password managers are becoming more advanced but also more exposed," Halder said. "They now use zero-knowledge encryption and hardware-backed MFA, yet they remain prime targets because of what they protect. The LastPass breach showed that even encrypted vaults can become liabilities if metadata is leaked or if users don't enable MFA."
"Users should protect password managers the same way enterprises protect crown jewels: with MFA, encryption, regular audits and a healthy dose of paranoia. A password manager is a vault, but without a hardened door, it's still vulnerable."

Kyle Kurdziolek, vice president of security at data firm BigID, echoed this sentiment, telling Newsweek that password managers are reliable but still susceptible to traditional hacking methods.

"Password managers continue to get more secure overall, with most now using strong encryption, adopting zero trust architecture, and additional security controls.

"But like any tool, they're only as secure as the people and systems around them. We see breaches happen when master passwords are reused or stolen through phishing, or when vulnerabilities in the software go unpatched.

"The best way to protect a password manager is to use strong, unique master passwords, enable multi-factor authentication, and keep the software up to date. But it doesn't stop there. Even with a good password manager, credentials and secrets often get duplicated and hidden across code, cloud storage, or collaboration tools."

Biometric Security

Both experts said that biometrics, physical data like fingerprints and facial recognition that can't be easily separated from their owner, were one of the most likely ways passwords could be phased out in the near future.

"We are at an inflection point, not in terms of technology but in trust and consistency," Halder said. "Passkeys, biometric authentication and token-based access are already here, but adoption is fragmented."
"A 2024 FIDO Alliance report showed less than 15 percent of websites currently support passkeys, despite growing support from Apple and Google.

"At Appknox, we consistently find that while apps may offer 'passwordless' logins like OTPs or biometrics, they often implement them insecurely, exposing users to interception, reuse or replay attacks.

"So, we are not just replacing passwords, we are rebuilding the idea of access from the ground up. Until secure, passwordless authentication becomes interoperable and foolproof across platforms, passwords will persist as a legacy fallback."

Kurdziolek agreed with the focus on biometrics, but said the industry needed to take special care that the adoption process did not leave gaps or flaws in the technology.

"There's real momentum behind technologies that could replace traditional passwords, like biometrics, MFA, and hardware security keys, but widespread adoption is still in progress. While there is momentum behind organizations taking steps toward a passwordless future, for many, it's still years away.

"Replacing passwords is just part of the solution. Secrets, credentials, and keys often remain hidden across cloud storage, code repositories, and everyday tools. Organizations need to take control of their sensitive data wherever it lives so that even as they move toward passwordless security, they can reduce risk and close gaps that attackers could exploit."

Artificially Intelligent Passwords

As with any space in tech right now, the biggest question is how AI will impact the future. When it comes to passwords, the consensus is that AI is a double-edged sword: it gives users better tools and detection methods for security purposes, but it gives criminals and hackers those same tools as well.

"It is helping both users and attackers, but right now, attackers are scaling faster," Halder told Newsweek.
"AI isn't just speeding up brute-force attacks; it's decoding password patterns, auto-generating phishing content and simulating human behavior more convincingly than ever.

"On the flip side, AI is helping defenders, too — from spotting credential stuffing attacks in real time to alerting users when their passwords are weak or reused. But we can't let AI be a Band-Aid.

"The real leap will come when we stop relying on passwords altogether and move toward continuous, contextual authentication powered by behavior, biometrics and device identity, not just secrets."

Kurdziolek was similarly cautious about AI, and said criminals are using it to crack passwords faster and faster.

"AI is reshaping the security landscape for passwords on both sides of the equation. For everyday users and defenders, AI helps detect suspicious logins, flag credential stuffing attempts faster, and power smarter passwordless authentication methods like biometrics.

"But attackers are also using AI to crack passwords faster through automated brute-force attacks and to craft more convincing phishing schemes that steal credentials in the first place.

"Ultimately, AI makes strong password hygiene and secrets protection even more critical. Replacing or supplementing passwords with multi-factor or passwordless authentication is a smart step, but it's equally important to uncover hidden credentials and secrets that attackers could exploit."
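The OTP reuse and replay weakness Halder describes in this article is straightforward to avoid on the server side once a code is treated as a single-use, short-lived credential rather than a second password. The block below is an added example, not code from the article and not Appknox's or any vendor's implementation: an in-memory verifier that expires codes, caps wrong guesses, and burns a code on its first successful use, so a second submission of a sniffed code is rejected. The store, the five-minute TTL, the five-attempt lock and the function names are assumptions for the demonstration.

```python
"""Single-use OTP verification with expiry, attempt limits and replay rejection.

Added example, not code from the Newsweek article or from Appknox. The dict below
stands in for a server-side cache; the TTL and attempt limit are assumptions.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple, List

OTP_TTL_SECONDS = 300                  # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 5                       # assumption: lock the code after five wrong guesses
_SERVER_KEY = secrets.token_bytes(32)  # per-deployment key; never shipped to the client

# challenge_id -> state. Keying on the challenge rather than the user means a code
# issued for one login session cannot be redeemed against another session.
_store: dict = {}


def _digest(challenge_id: str, code: str) -> bytes:
    # HMAC so a leaked store does not reveal live codes; the challenge id is mixed in
    # so the same six digits hash differently for every challenge.
    return hmac.new(_SERVER_KEY, f"{challenge_id}:{code}".encode(), hashlib.sha256).digest()


def issue_otp(user: str, now: Optional[float] = None) -> Tuple[str, str]:
    """Create a fresh challenge and return (challenge_id, code). The code goes to the
    user's device out of band; only the challenge id comes back with the verify request."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)
    code = f"{secrets.randbelow(10**6):06d}"   # uniform six digits from a CSPRNG
    _store[challenge_id] = {
        "user": user,
        "digest": _digest(challenge_id, code),
        "expires": now + OTP_TTL_SECONDS,
        "attempts": 0,
        "used": False,
    }
    return challenge_id, code


def verify_otp(challenge_id: str, user: str, code: str,
               now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (ok, reason). Every failure is a hard stop; success consumes the code."""
    now = time.time() if now is None else now
    rec = _store.get(challenge_id)
    if rec is None or rec["user"] != user:
        return False, "unknown-challenge"       # same answer whether or not the id exists
    if rec["used"]:
        return False, "replayed"                # second submission of an already-valid code
    if now > rec["expires"]:
        _store.pop(challenge_id, None)
        return False, "expired"
    if rec["attempts"] >= MAX_ATTEMPTS:
        _store.pop(challenge_id, None)
        return False, "locked"                  # defeats online brute force of 10^6 codes
    rec["attempts"] += 1
    if not hmac.compare_digest(rec["digest"], _digest(challenge_id, code)):
        return False, "wrong-code"
    rec["used"] = True                          # burn the code on first success
    return True, "ok"


def _wrong(code: str) -> str:
    """A guess guaranteed not to equal the issued code."""
    return "000000" if code != "000000" else "000001"


def demo() -> List[str]:
    """Walk the failure modes the article names: wrong guess, reuse, replay, staleness, lockout."""
    out = []
    cid, code = issue_otp("alice", now=1000.0)
    out.append(verify_otp(cid, "alice", _wrong(code), now=1001.0)[1])   # wrong guess
    out.append(verify_otp(cid, "alice", code, now=1002.0)[1])           # legitimate use
    out.append(verify_otp(cid, "alice", code, now=1003.0)[1])           # replay of a sniffed code
    cid2, code2 = issue_otp("bob", now=1000.0)
    out.append(verify_otp(cid2, "bob", code2, now=1000.0 + OTP_TTL_SECONDS + 1)[1])  # stale
    cid3, code3 = issue_otp("carol", now=1000.0)
    for _ in range(MAX_ATTEMPTS):
        verify_otp(cid3, "carol", _wrong(code3), now=1001.0)            # online guessing
    out.append(verify_otp(cid3, "carol", code3, now=1002.0)[1])         # correct, but locked
    return out


if __name__ == "__main__":
    print(demo())
```

The two properties that matter most are that `verify_otp` never returns success twice for the same challenge, and that the comparison is constant-time; an implementation that checks the code with `==` and leaves the record in place is exactly the reuse-and-replay shape the quote describes.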


Tahawul Tech
07-05-2025
- Business
- Tahawul Tech
Appknox launches Storeknox at GISEC Global 2025
Appknox, a global leader in mobile application security, recently announced the launch of Storeknox, a groundbreaking continuous store monitoring platform designed to protect enterprises from evolving mobile app threats. The new solution was unveiled at GISEC Global 2025, where cybersecurity professionals from around the world are gathering to discuss the industry's most pressing challenges.

As mobile apps become critical touchpoints across industries—from finance and healthcare to telecom and retail—threat actors are exploiting them through fake apps, phishing campaigns, and brand impersonation. Storeknox helps organisations take control by detecting and responding to unauthorised versions, malicious clones, and live threats across public app stores. The platform delivers real-time visibility across marketplaces like Google Play and the Apple App Store, monitoring official apps for unauthorised uploads, version changes, and policy violations.

'Security doesn't stop at app release—it enters a new phase', said Subho Halder, CEO & Co-founder of Appknox. 'In mobile-first regions like the GCC, fake apps, malware, and brand abuse are growing at an alarming rate. Enterprises need continuous AI-driven protection that evolves with the threat landscape—and that's exactly what Storeknox delivers. It's the missing layer of defence that businesses have been asking for—and today, we're making it a reality'.

Unlike legacy approaches that stop at development-stage testing, Storeknox introduces post-release monitoring as an essential layer of protection. Utilising AI-powered detection technology, Storeknox uncovers malicious behaviour, injected code, phishing attempts, and shadow versions that often go unnoticed after an app is live. By consolidating threat intelligence, metadata monitoring, and automated alerts into a centralised dashboard, Storeknox gives CISOs and security teams the ability to act swiftly, close security gaps, and protect user trust.
'The development of Storeknox was driven by direct input from Appknox's enterprise customers, many of whom cited a lack of visibility after release as a top concern', Halder continues. 'With mobile applications deployed across multiple geographies, these organisations struggled to identify unauthorised clones, outdated versions, or fraudulent apps imitating their brands. Storeknox was built to solve these challenges, offering real-time protection for the post-launch phase which is a critical period often overlooked by traditional security solutions'.

Storeknox aligns with Appknox's vision to offer full-lifecycle mobile app security, complementing its existing stack of testing solutions such as SAST, DAST, API testing, and SBOM. Together, these solutions empower security and DevSecOps teams to manage risk from development through deployment, while supporting compliance with local and global regulations.


Channel Post MEA
07-05-2025
- Business
- Channel Post MEA
Appknox Launches Storeknox At GISEC Global 2025
Appknox has announced the launch of Storeknox, a continuous store monitoring platform designed to protect enterprises from evolving mobile app threats. The new solution was unveiled at GISEC Global 2025, where cybersecurity professionals from around the world are gathering to discuss the industry's most pressing challenges.

As mobile apps become critical touchpoints across industries—from finance and healthcare to telecom and retail—threat actors are exploiting them through fake apps, phishing campaigns, and brand impersonation. Storeknox helps organizations take control by detecting and responding to unauthorized versions, malicious clones, and live threats across public app stores. The platform delivers real-time visibility across marketplaces like Google Play and the Apple App Store, monitoring official apps for unauthorized uploads, version changes, and policy violations.

'Security doesn't stop at app release—it enters a new phase,' said Subho Halder, CEO & Co-founder of Appknox. 'In mobile-first regions like the GCC, fake apps, malware, and brand abuse are growing at an alarming rate. Enterprises need continuous AI-driven protection that evolves with the threat landscape—and that's exactly what Storeknox delivers. It's the missing layer of defense that businesses have been asking for—and today, we're making it a reality.'

Unlike legacy approaches that stop at development-stage testing, Storeknox introduces post-release monitoring as an essential layer of protection. Utilizing AI-powered detection technology, Storeknox uncovers malicious behavior, injected code, phishing attempts, and shadow versions that often go unnoticed after an app is live. By consolidating threat intelligence, metadata monitoring, and automated alerts into a centralized dashboard, Storeknox gives CISOs and security teams the ability to act swiftly, close security gaps, and protect user trust.
'The development of Storeknox was driven by direct input from Appknox's enterprise customers, many of whom cited a lack of visibility after release as a top concern,' Halder continues. 'With mobile applications deployed across multiple geographies, these organizations struggled to identify unauthorized clones, outdated versions, or fraudulent apps imitating their brands. Storeknox was built to solve these challenges, offering real-time protection for the post-launch phase which is a critical period often overlooked by traditional security solutions.'

Storeknox aligns with Appknox's vision to offer full-lifecycle mobile app security, complementing its existing stack of testing solutions such as SAST, DAST, API testing, and SBOM. Together, these solutions empower security and DevSecOps teams to manage risk from development through deployment, while supporting compliance with local and global regulations.


Zawya
07-05-2025
- Business
- Zawya
Appknox launches Storeknox at GISEC Global 2025 to secure mobile apps after release and combat fake apps in the GCC
DUBAI, UNITED ARAB EMIRATES: Appknox, a global leader in mobile application security, today announced the launch of Storeknox, a groundbreaking continuous store monitoring platform designed to protect enterprises from evolving mobile app threats. The new solution was unveiled at GISEC Global 2025, where cybersecurity professionals from around the world are gathering to discuss the industry's most pressing challenges.

As mobile apps become critical touchpoints across industries—from finance and healthcare to telecom and retail—threat actors are exploiting them through fake apps, phishing campaigns, and brand impersonation. Storeknox helps organizations take control by detecting and responding to unauthorized versions, malicious clones, and live threats across public app stores. The platform delivers real-time visibility across marketplaces like Google Play and the Apple App Store, monitoring official apps for unauthorized uploads, version changes, and policy violations.

'Security doesn't stop at app release—it enters a new phase,' said Subho Halder, CEO & Co-founder of Appknox. 'In mobile-first regions like the GCC, fake apps, malware, and brand abuse are growing at an alarming rate. Enterprises need continuous AI-driven protection that evolves with the threat landscape—and that's exactly what Storeknox delivers. It's the missing layer of defense that businesses have been asking for—and today, we're making it a reality.'

Unlike legacy approaches that stop at development-stage testing, Storeknox introduces post-release monitoring as an essential layer of protection. Utilizing AI-powered detection technology, Storeknox uncovers malicious behavior, injected code, phishing attempts, and shadow versions that often go unnoticed after an app is live. By consolidating threat intelligence, metadata monitoring, and automated alerts into a centralized dashboard, Storeknox gives CISOs and security teams the ability to act swiftly, close security gaps, and protect user trust.
'The development of Storeknox was driven by direct input from Appknox's enterprise customers, many of whom cited a lack of visibility after release as a top concern,' Halder continues. 'With mobile applications deployed across multiple geographies, these organizations struggled to identify unauthorized clones, outdated versions, or fraudulent apps imitating their brands. Storeknox was built to solve these challenges, offering real-time protection for the post-launch phase which is a critical period often overlooked by traditional security solutions.'

Storeknox aligns with Appknox's vision to offer full-lifecycle mobile app security, complementing its existing stack of testing solutions such as SAST, DAST, API testing, and SBOM. Together, these solutions empower security and DevSecOps teams to manage risk from development through deployment, while supporting compliance with local and global regulations.

About Appknox

Appknox is a global leader in mobile application security, offering advanced testing solutions, including SAST, DAST, API testing, SBOM, Penetration Testing, and Storeknox. With a focus on identifying AI vulnerabilities, Appknox ensures unparalleled security coverage. Trusted by organizations in over 60 countries, including top banks, conglomerates, and government bodies, Appknox's solutions are designed for seamless integration with CI/CD pipelines, empowering businesses to protect their mobile apps while meeting stringent global and local compliance requirements. Learn more about Appknox's AI-powered solutions at


Forbes
18-04-2025
- Business
- Forbes
Perplexity's Android App Is Infested With Security Flaws, Report Finds
In February, days before the Super Bowl, Aravind Srinivas, CEO of AI search startup Perplexity, gave users a sparkly incentive to install its app. He posted on X that instead of buying a Super Bowl ad, the company would give $1 million to one lucky user who downloaded Perplexity's app, referred it to their friends and asked it five questions during the game, a move to lure more people in for a chance to win the grand sum. "Ask like a millionaire," he said.

But the company's Android app, which offers not only search capabilities but also acts as an AI assistant, is riddled with security issues that could expose its users to data theft, account takeovers and impersonation attacks from malicious hackers, according to a report by India-based mobile security company Appknox. One of these gaps also lets anyone access Perplexity's API for free, exposing the company itself to the risk of losing revenue.

Security researcher and Appknox CEO Subho Halder said it's easy to make clones of Perplexity's Android app because its code is embedded with what's called "hardcoded secrets": sensitive information like passwords and API keys (a string of letters and numbers used to identify and verify an application making requests to that API), which can be extracted by an attacker. The cloned app can then be used to trick users into believing it's the real one, enabling hackers to collect private data like login information and uploaded documents.

Perplexity rolled out its agent-like AI assistant for Android devices in January, which it claimed could carry out tasks like booking an Uber, playing a video on YouTube, finding songs on Spotify and making reservations on its own. But the slew of security flaws has been uncovered just as Perplexity, reportedly in talks to raise funding at an $18 billion valuation, tries to find new ways to distribute its mobile app and put it in more people's hands.
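The hardcoded-secrets problem described above is the cheapest of the reported flaw classes to catch before release, because the check is the same extraction an attacker performs: unzip the APK, decompile, dump the strings and resources, and look for key material. The block below is an added example, not Appknox's tooling and not anything taken from Perplexity's app. It is a small scanner that combines fixed-format rules for well-known key types (AWS access key IDs, Google API keys, PEM private-key headers, bearer tokens) with a name-plus-entropy rule for generic credentials, so that a placeholder such as `password_placeholder = "xxxx…"` is not reported while a random-looking `*_api_key` value is. The sample input is constructed to look like lines from a decompiled `strings.xml`, `BuildConfig` and a properties file; every name and value in it is invented.

```python
"""Scan strings pulled from a decompiled Android app for hardcoded secrets.

Added example, not Appknox's tooling and not Perplexity's code. SAMPLE is constructed
to resemble decompiled resources and BuildConfig output; every key and value is made up.
"""
import math
import re
from collections import Counter
from typing import List, Dict

# Fixed-format rules for key types with a recognisable prefix or header.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google-api-key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer-token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9_\-.=]{20,}"),
}
# Generic rule: a credential-like name whose value also looks random (see entropy).
SECRET_NAME = re.compile(r"(?i)(api[_-]?key|secret|token|passw(or)?d|auth[_-]?key)")
ASSIGNMENT = re.compile(r"""(?P<name>[A-Za-z0-9_.\-]+)\s*[:=]\s*["']?(?P<value>[^"'<>\s]{12,})["']?""")
XML_STRING = re.compile(r"""<string\s+name="(?P<name>[^"]+)"\s*>(?P<value>[^<]{12,})</string>""")

# Constructed input: what `strings`/apktool output might look like for a leaky build.
SAMPLE = """\
<string name="app_name">ExampleChat</string>
<string name="api_base_url">https://api.example.invalid/v1</string>
<string name="backend_api_key">k9F3xQ2mT7vL0pR8sW1zB4nC6yH5jD</string>
// BuildConfig.java (decompiled)
public static final String AWS_KEY = "AKIAEXAMPLE1234567AB";
public static final String DEBUG_FLAG = "true";
password_placeholder = "xxxxxxxxxxxxxxxx"
auth_header = Bearer eyJhbGciOiJIUzI1NiJ9.example.payload-signature
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: English text sits around 4, base64/hex key material nearer 5-6."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def scan_line(line: str, lineno: int) -> List[Dict]:
    findings: List[Dict] = []
    fixed_matches: List[str] = []
    for rule, pat in PATTERNS.items():
        for m in pat.finditer(line):
            findings.append({"line": lineno, "rule": rule, "match": m.group(0)})
            fixed_matches.append(m.group(0))
    for pat in (XML_STRING, ASSIGNMENT):
        for m in pat.finditer(line):
            name, value = m.group("name"), m.group("value")
            if any(fm in value for fm in fixed_matches):
                continue                      # already reported by a fixed-format rule
            # Both conditions must hold: a credential-like name AND a random-looking value.
            if SECRET_NAME.search(name) and shannon_entropy(value) >= 3.5:
                findings.append({"line": lineno, "rule": "high-entropy-secret",
                                 "match": f"{name}={value}"})
    return findings


def scan(text: str) -> List[Dict]:
    """Scan a dump line by line; line numbers are 1-based to match editor/grep output."""
    out: List[Dict] = []
    for i, line in enumerate(text.splitlines(), 1):
        out.extend(scan_line(line, i))
    return out


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']:>3}  {f['rule']:<22} {f['match']}")
```

A real run would feed this the output of an APK decompile rather than the embedded sample; the point of the entropy gate is that `password_placeholder` is skipped while `backend_api_key` is reported, and the point of the fixed-format rules is that an AWS key is caught even when its variable name says nothing about secrets.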
The company is in talks with smartphone manufacturing giant Samsung to integrate its AI assistant into Samsung's phones, and it has already reached an agreement with Lenovo-owned Motorola to do the same, according to Bloomberg. Perplexity did not respond to a request for comment.

Perplexity's app is also susceptible to an attack called "task hijacking," in which a rogue app takes control of the phone's actions without your knowledge as you use a different one. The now-malicious app can then monitor your activity and collect data. For example, someone could hijack Perplexity's app so that a prompt you type into Amazon's search box is unknowingly exposed to hackers. Halder said it could even fall prey to network-based attacks, where people on an unsecured network such as an airport hotspot can have their conversations with Perplexity intercepted and their data stolen.

Founded in 2022, Perplexity's first product was a conversational AI search engine that crawls the web for information and uses a mix of large language models from OpenAI, Anthropic and Meta to answer questions on any given topic by producing AI-generated summaries that include links to sources from across the web. It has raised a total of $900 million in venture funding from tech bigwigs like Amazon founder Jeff Bezos and OpenAI cofounder Andrej Karpathy and is currently valued at $9 billion, according to Pitchdeck. Perplexity's app has more than 10 million downloads on Google Play.

Security vulnerabilities are just part of the problem for Perplexity. The company has come under fire from Forbes and other media outlets for allegedly plagiarizing their reporting and redistributing it across multiple platforms through a feature called Perplexity Pages. At the time, Srinivas said that its republishing feature had "rough edges" and that Perplexity was "improving it with more feedback."
In June 2024, Forbes sent a cease-and-desist letter to Perplexity, accusing it of infringing copyright, to which Perplexity responded that the claims were meritless and that factual information is not protected by copyright law.

Safety in the world of AI often focuses on the models themselves: ensuring that they're producing accurate information and aren't affected by bias. This report underscores the idea that securing the application where people interact with the models is just as important, Halder told Forbes. Halder's advice to users is to remove Perplexity's Android app from their phone until the issues are resolved. AI applications are being built at breakneck speed and many are failing the most basic vulnerability checks, Halder said, but "Perplexity is a full-blown security hazard."
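Two of the flaw classes in this article, task hijacking and interception on untrusted networks, are visible in an app's manifest before any dynamic testing. Task hijacking relies on an activity keeping Android's default task affinity (the package name), which lets a malicious app with a matching affinity insert its own screen into the victim's task; the standard mitigation is `android:taskAffinity=""`. Cleartext HTTP is permitted app-wide if `android:usesCleartextTraffic="true"` is set, and also by default for apps targeting API levels below 28 that declare no network security config. The block below is an added example, not Appknox's scanner and not derived from the Perplexity app: it parses a constructed `AndroidManifest.xml` and reports both conditions. The package name, activity names and SDK levels are made up.

```python
"""Audit an AndroidManifest.xml for task-hijacking exposure and cleartext traffic.

Added example, not Appknox's scanner and not taken from the Perplexity app. The
manifest below is constructed; package, activity names and SDK levels are invented.
"""
import xml.etree.ElementTree as ET
from typing import List, Tuple

ANDROID = "{http://schemas.android.com/apk/res/android}"   # attribute namespace

SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.assistant">
  <uses-sdk android:minSdkVersion="24" android:targetSdkVersion="27"/>
  <application android:label="Assistant">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".LoginActivity" android:exported="true" android:taskAffinity=""/>
    <activity android:name=".SettingsActivity" android:exported="false"
              android:taskAffinity="com.example.assistant"/>
  </application>
</manifest>
"""

Finding = Tuple[str, str, str]   # (rule, subject, detail)


def audit(manifest_xml: str) -> List[Finding]:
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "0")) if sdk is not None else 0
    findings: List[Finding] = []

    # Cleartext: an explicit opt-in is always a finding; silence is a finding below
    # API 28, where the platform default still allows http:// unless a network
    # security config says otherwise.
    cleartext = app.get(ANDROID + "usesCleartextTraffic")
    has_nsc = app.get(ANDROID + "networkSecurityConfig") is not None
    if cleartext == "true":
        findings.append(("cleartext-traffic", 'usesCleartextTraffic="true"',
                         "unencrypted HTTP is permitted app-wide"))
    elif cleartext is None and not has_nsc and target < 28:
        findings.append(("cleartext-traffic", f"targetSdkVersion={target}",
                         "platform default allows cleartext below API 28; "
                         'set usesCleartextTraffic="false" or a networkSecurityConfig'))

    # Task hijacking: a missing taskAffinity means "use the package name", and an
    # explicit affinity equal to the package name is the same thing spelled out.
    # The launcher activity is the one an attacker most wants to sit in front of.
    for act in app.iter("activity"):
        name = act.get(ANDROID + "name", "?")
        affinity = act.get(ANDROID + "taskAffinity")
        is_launcher = any(cat.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
                          for cat in act.iter("category"))
        if affinity is None or affinity == package:
            role = "launcher activity" if is_launcher else "activity"
            findings.append(("task-hijacking", name,
                             f'{role} uses the default task affinity; set android:taskAffinity=""'))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in audit(SAMPLE_MANIFEST):
        print(f"{rule:<18} {subject:<28} {detail}")
```

On the constructed manifest this reports the cleartext default (target SDK 27, no opt-out), the launcher `.MainActivity` with no affinity set, and `.SettingsActivity` with the package name spelled out as its affinity; `.LoginActivity`, which sets the empty affinity, is clean. Raising the target SDK and setting `android:taskAffinity=""` on the two flagged activities empties the report. A manifest check does not replace a runtime test for overlay and interception behaviour, but it is the place to stop these two classes from shipping at all.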