Tag: mobile apps security

Smartphone users may be more trusting in mobile security than it deserves

| March 3, 2016

According to a recent study, Android device users are taking quite a casual attitude toward their vulnerabilities.

Proofpoint, a cyber and mobile security firm, has now released a report that has shown that users of Android devices had willingly downloaded more than two billion apps containing malicious code in 2015.

Those findings with regards to the downloading of malicious mobile apps were published in the Human Factor Report.

That report provides a closer view of the most recent cyber and mobile security trends throughout social media, mobile apps and email. Among the top findings of this report, one that is drawing a considerable amount of attention is the fact that malicious mobile applications are affecting the United States the most, with China in second place. The findings also pointed out that many of the problems with malicious apps come from downloads that are occurring in marketplaces outside of official channels.

These marketplaces are posing a considerable mobile security threat that device users seem to be ignoring.

mobile security trustThe researchers from Proofpoint discovered rogue app stores that were giving mobile device users the opportunity to download “free” clones of popular apps for both Android and iOS devices but that contained malicious code. In many circumstances, the games were clones of premium apps that were being offered for free, or included those that had been banned from the official Apple iTunes Store, luring people to these rogue marketplaces with their offer of something that was certainly too good to be true.

In order to be able to download those mobile apps, the users would have had to bypass a number of cyber security warnings along the way. Despite that fact, and the fact that downloading from those marketplaces increases the risk of downloading a malicious app by four times, many people are continuing with this activity.

The mobile security issues presented by these malicious apps can include anything from the sharing of personal information and data to revealing passwords to third parties. Downloads from those marketplaces surged during the fourth quarter of last year. Among the malicious apps that were indeed downloaded, data was communicated to 57 different countries. Of the data that was transmitted, 19 percent went to China.

Mobile security concerns exist in parking meter apps

| December 15, 2015

A recent investigation from NCC Group has revealed that these applications are vulnerable to being hacked.

Researchers from NCC Group have now completed an investigation that has revealed that there could be greater mobile security concerns associated with parking meter apps than most users likely realize.

The researchers explained that many of these mobile apps are open to cyber attacks from hackers.

Companies using mobile apps to allow people to pay for their parking in the United Kingdom have been doing so in order to offer additional convenience through this alternative method. However, according to this research, the people who are using these apps may also be increasing their risk of mobile security problems. This typically affects people who have smartphones based on the Apple and Android operating systems.

It was the mobile security of the Android applications that underwent the majority of the investigation by NCC.

Mobile Security - Image of parking metersThe researchers looked into the various kinds of security vulnerabilities that can impact these specific kinds of mobile apps. They wanted to look into those applications as a whole opposed to examining individual apps and labeling them as somehow different than the rest. Therefore, they did not name the specific apps that were studied in the report. Instead, they published their results in general with regards to the paid parking apps in general.

The assessment of the security of these apps was focused on the amount of attack surface that was available on Android based smartphones, including the vendor’s APK and any data that would be stored on the mobile device because of the interactions with the online support servers. At the same time, throughout this research, there was no time at which investigations were made into problems that could result from manipulating data sent to the server. Therefore, this research did not represent the same level of results that would have been achieved if the apps had undergone thorough penetration testing.

The mobile security conclusion of the team at NCC was that almost all the applications they investigated had been “affected by security vulnerabilities – some more serious than others.” They pointed out that their cryptographic implementation mediocrity was among the most common trends from one to the next.