
HKCERT and PISA Urge for Enhanced Transaction Security in Mobile Apps

Mobile app owners and developers should apply transmission encryption (SSL), validate digital certificates and use certificate authentication technology to prevent hackers from stealing app users’ sensitive personal and transaction data, urged the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council (HKPC) and the Professional Information Security Association (PISA).

The advice came as an HKCERT-PISA study of 130 online transaction service apps commonly used in Hong Kong found that over one-third of them lack adequate encryption security when processing credential or transaction data, and are vulnerable to hacking attacks. The “Study on Transaction Security of Mobile Apps in Hong Kong” was conducted between April and July this year.

Commenting on the findings, Mr Wilson Wong, General Manager (IT Industry Development) of HKPC, said, “The rapid growth in popularity of mobile apps and the availability of Wi-Fi technology have led to more sensitive and transaction data being transmitted in open environments. The industry should step up encryption security in data transmission to plug the vulnerabilities.”

The Study found that 34% of the mobile apps tested did not apply SSL or did not validate the digital certificate used in encryption. Analysis of the seven types of services offered by these apps revealed that digital wallet/payment service and mobile banking apps feature better encryption security, with over 87% attaining a “secure” or “most secure” grading. The transaction security of cinema ticketing and online food ordering apps was at a medium level. Over half of the financial securities, online shopping/group buy and travel booking service apps tested were found to be “vulnerable”, or even “serious”, with no encryption at all.

Mr Eric Fan, Chairperson of PISA, said, “If a mobile app does not validate the digital certificate, fraudsters can set up a fake Wi-Fi access point and use fake certificates to seize and modify the data transmitted. This will inflict serious data and financial losses on app users.”

Offering security advice to the community, Mr Wong said, “Mobile app users should not use public Wi-Fi networks to transmit sensitive data. If they have doubts about an app’s security, they should use mobile browsers that can provide visual cues to the validity of the digital certificates, or use the mobile data network for the transactions. Also, they must not install unsolicited software or digital certificates on their mobile devices. Mobile app owners and developers, on the other hand, must properly encrypt the data transmitted between the apps and backend servers, ensure that the apps validate the digital certificates, and apply certificate authentication technology.”

In addition to the Study, HKCERT and PISA have compiled the “Best Practice Guide (SSL Implementation) for Mobile App Development” to help app owners and developers improve app security. It is now available for download from the HKCERT website (www.hkcert.org). App owners and developers can also make use of HKPC’s mobile app SSL security assessment service.
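As an added illustration (not code from the Study or from the Best Practice Guide), the following Python uses the standard-library ssl module to contrast the client configurations the Study distinguishes: a client that encrypts but never validates the server certificate, one that validates the certificate chain and hostname, and one that additionally pins the expected certificate. The certificate bytes and pin are constructed placeholders, and the host/port used by connect_with_pin are whatever the caller supplies.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a server's DER-encoded certificate and the pin an
# app would ship for it (a real pin is the SHA-256 of the real DER bytes).
SAMPLE_DER_CERT = b"\x30\x82\x01\x00constructed-certificate-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER_CERT).hexdigest()

def build_insecure_context() -> ssl.SSLContext:
    """The anti-pattern the Study flags: TLS is used, but the server
    certificate is never checked, so a forged certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def build_validating_context() -> ssl.SSLContext:
    """Validates the chain against the platform trust store and checks
    that the certificate's name matches the host being contacted."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def context_validates_server(ctx: ssl.SSLContext) -> bool:
    """Audit helper: True only if the context both verifies the chain and
    enforces hostname matching."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

def cert_matches_pin(der_cert: bytes, expected_pin_hex: str) -> bool:
    """Certificate pinning: compare the SHA-256 of the presented DER
    certificate with the pin shipped in the app, in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, expected_pin_hex.lower())

def connect_with_pin(host: str, port: int, expected_pin_hex: str) -> ssl.SSLSocket:
    """Open a validated TLS connection and additionally require the pinned
    certificate; a certificate served by a rogue access point fails here
    even if it chains to a CA the device trusts. (Needs network access.)"""
    ctx = build_validating_context()
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    if not cert_matches_pin(sock.getpeercert(binary_form=True), expected_pin_hex):
        sock.close()
        raise ssl.SSLError("server certificate does not match the pinned value")
    return sock
```

Pinning the whole certificate means the pin must be updated whenever the server certificate is renewed, so the app needs an update path before the certificate rotates.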

For more information, please contact Leung Siu-Cheong, Senior Consultant of HKCERT, at tel.: (852) 2788 5420 or email: scleung@hkpc.org. For other media enquiries on HKPC services, please contact Mr Felix Chan at tel. (852) 2788 5036 or email: felixchan@hkpc.org.

* * *

Mr Jonathan Ho
General Manager
Corporate Communication and Marketing
Hong Kong Productivity Council
Tel: (852) 2788 6390
Fax: (852) 2788 5056
Email: jonathanho@hkpc.org
Website: www.hkpc.org

14 September 2015


About Hong Kong Computer Emergency Response Team Coordination Centre
Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council is the centre for coordination of computer security incident response for local enterprises and Internet users. Its missions are to facilitate information dissemination, provide advice on preventive measures against security threats and to promote information security awareness.

HKCERT collaborates with local bodies to collect and disseminate information, and coordinate response actions. HKCERT is also a member of the Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Teams (APCERT). We exchange information with other CERTs and act as a point of contact on cross-border security incidents. HKCERT website: www.hkcert.org.

About Professional Information Security Association
Professional Information Security Association (PISA) is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice. PISA website: www.pisa.org.hk.


Mr Wilson Wong, General Manager (IT Industry Development) of HKPC (centre); Mr Leung Siu-Cheong, Senior Consultant of HKCERT (left); and Mr Eric Fan, Chairperson of PISA, present the findings of the “Study on Transaction Security of Mobile Apps in Hong Kong” and make recommendations on the transaction security of mobile apps.