ICSA Labs Blog: Mobile

Protecting Your Mobile Phone from Ransomware [PART 2]

As consumers increasingly turn to their mobile phones for shopping, banking, working and internet browsing, cybercriminals have similarly begun to evolve their tactics to keep up with the growth in mobile phone usage. 

ICSA Labs Highlights Key Security Trends Affecting Enterprises and Consumers in 2015

Security and privacy challenges are top of mind for everyone, as the Internet of Things and mobile device (and associated application) adoption continues to permeate every major industry. I sat down with our security experts at ICSA Labs to learn more about what major security technology trends they see impacting businesses and their customers in 2015. Here’s what they had to say:

Coffee for Smartphone Users. Is It Enough to Awaken Us?

It’s been reported in the news that the Starbucks payment app saves usernames, passwords and location data in plain text right on consumers’ smartphones. Any devious person with a little know-how can get access to this information and use it to get one caffeine fix after another ad infinitum.

Of course this is not good news. But it is more than that.  This should be a wake-up call – not just for those of us who like to pay for coffee with our smartphones.

Ad Networks and Smartphones

Free mobile apps often come chock full of ads. And it’s not just the free apps. A surprising number of paid apps come with ads as well. App developers typically link in one or more advertising networks to monetize their otherwise inexpensive mobile apps.

Users are relatively tolerant of mobile app advertising. That is, until a mobile ad network in a seemingly benign mobile app distributes malware or exfiltrates sensitive user information without the user’s knowledge or consent.

Mobile App Development Concerns Echoed

When speaking at conferences or to prospective customers about why there is a need to independently test an enterprise’s custom-made mobile apps, I begin by framing the problem.  I explain that one of the primary issues concerning mobile apps is that they are developed by companies with a limited amount of experience as opposed to by large, well-known companies with a lengthy software development history.

Personal Information at Stake in Enterprise Mobile Apps

There have been several reports this year indicating that many popular, free apps and a surprising number of the most popular paid apps – either Android or iOS – are not good at safeguarding sensitive information.  From contacts to calendars, an amazingly high percentage of app developers don’t seem concerned with protecting your sensitive information. 

Even so, there are apps that accidentally, spectacularly, and unexpectedly transmit your sensitive information. Take Tumblr (now part of Yahoo!) for example.

An Android Master Key Solution...But

Last week I blogged about the “Android Master Key” vulnerability.  Not long after its discovery by Bluebox, the Chinese firm Android Security Squad found a similar Android Master Key vulnerability.  Both vulnerabilities permit adversaries to circumvent the Android app signature verification process after modifying any app.

Almost a Billion Vulnerable Android Devices

Researchers at Bluebox, a new mobile security company, recently found a serious vulnerability affecting almost every version of Android. Vulnerable Android versions include all recent versions as well as those dating back to version 1.6 (code name: Donut), which was released in September 2009.

Mobile App Insecurity

Not that long ago enterprise users did all of their computing work with PCs. Then, the small set of applications utilized each day was largely developed by a few, well-known vendors. Today’s mobile world is much different; there is a much larger set of less recognizable software developers who create mobile apps for enterprises.  

Are You Being Followed?

 

No, you’re probably not being followed.  Or at least, let’s hope no one is following you.  And while there may not be a person keeping tabs on your whereabouts, you’re probably carrying something that can and often does keep track of you.  That something is your smart phone.