Subway, Sandwiches & Security

Remember that wallpaper they used to have at Subway sandwich shops? You know, with all the pictures of clunky, outdated modes of transportation? Subway’s wallpaper always provided an interesting window into the past and gave the place a sense of nostalgia.

So, imagine security researchers’ surprise when it was uncovered that Subway’s mobile app is anything but old-fashioned and in fact, employs some of the toughest and most technologically advanced security standards available.

Recently, a white hat hacker attempted to crack the Subway mobile app just so consumers would know whether or not their payment data was safe. In the end, this researcher did succeed, but he also uncovered some interesting quirks along the way.

What this researcher found was the kind of impregnable built-in security features normally used by mobile apps in the financial industry. For example, the app uses a custom app signature verification process, signaling that its guards are up against reverse engineering.

This means that the Subway mobile app has systems in place to prevent hackers from breaking through their site with fraudulent certificates. When a hacker attempts to get through, perhaps to access users’ payment information, they will instead be greeted by a popup stating that the verification has failed, calling out the hacker for tampering with the mobile app.

While this high level of security is certainly commendable, it also poses a question – why would a mobile app used for ordering sandwiches go to such great lengths in the name of cybersecurity?

One theory is that Subway appears to be responding to the recent spike in threats that have developed in the mobile space.

As was unveiled in the most recent McAfee Labs Threats Report, the number of new mobile malware samples jumped 49% between the first quarter of 2014 and the first quarter of 2015, a sobering statistic.

If Subway’s security efforts are any indication, it would seem that companies across all industries are feeling the pressure to implement tighter security measures in their mobile apps.

However, it’s never wise to rely on mobile apps alone for keeping your information safe and secure. So, while these mobile apps refine their privacy measures and work to introduce higher levels of protection, let’s take security into our own hands.

Having comprehensive security installed on your mobile device is key. McAfee® Mobile Security is free for Android and iOS users, and provides a variety of protections that will help keep unwanted eyes off of your devices.

Another quick tip? Be sure to pay close attention to the permissions that your mobile apps are requesting. A wallpaper app for instance, shouldn’t need access to your texts or location and may be up to something fishy if it’s trying to request access to them.

As always, to keep up with the latest security threats, make sure to follow @IntelSec_Home on Twitter and like us on Facebook.