smartphone security Archives ⋆ Page 23 of 36 ⋆ Mobile Commerce Press

Tag: smartphone security

Mobile security vulnerability discovered in Wi-Fi using apps

Lucy | November 4, 2013

A new opportunity for attackers to gain access to smartphone apps from these networks has been discovered.

This week, mobile security experts demonstrated an example of the discovery that was recently made that allows a very simple attack to be made which exploits a code vulnerability in Apple iOS applications.

This vulnerability gives attackers the ability to persistently alter server URLs from which the data is loaded to the apps.

This means that the attacker will be able to change the URL from which the iOS application is loading its data, presenting a massive mobile security threat. This is particularly unpleasant as the victim will not know when it is happening nor that it has occurred. It means that the attacker could invisibly use the data to be able to load malicious links or to insert false news regarding market movements into a news application.

The makers of the applications were not notified of the mobile security threat ahead of the announcement to the public.

The mobile security threat was identified by Skycure and it has, in the past, already notified app makers of this type of threat’s existence. Typically, the developers are provided with this knowledge ahead of the public announcement. However, in this circumstance, they stated that it was not possible for them to wait to notify developers before making this information public. They felt that because the vulnerability was present in hundreds of different apps – including stock management applications – it was important for people to be notified as soon as possible, without waiting to tell the app makers, first.

Skycure, a mobile security expert firm, declined to provide the names of the specific apps that were tested positive for the threat. The reason was that they didn’t want to provide this information to potential attackers who could exploit this knowledge before a solution to the issue could be found. The company’s chief technology officer, Yair Amit, said that “The vulnerability affects so many apps that it’s virtually impossible to alert app makers.” The researchers from the company also assembled a short video to demonstrate how an app could be manipulated by an attacker.

Mobile security issues such as malware are causing a boom in protection services

Julie Campbell | October 16, 2013

This is exacerbated by the number of devices that remain unprotected.

Mobile security solutions providers are already struggling with the practices of many clients through their BYOD initiatives – which are becoming increasingly common – but a new report has indicated that the problem is growing on a large number of levels.

The report indicates that cybersecurity threats have taken off over the last two years, particularly in smartphones.

The study was conducted by Juniper Research Ltd., a firm based in the United Kingdom, and indicated that mobile security threats have taken off over the last couple of years and despite that fact, the majority of smartphones still remain nearly entirely unprotected.

This is because mobile security threats are starting to change in their primary focus.

Mobile security threats Although cyber criminals had initially transferred their focus from PCs to mobile devices for consumers, they are starting to concentrate on the enterprise space to a growing degree. By the end of this year, it is expected that there will be one million types of mobile malware that will be thriving by the end of 2013.

In fact, the analysts at Juniper determined that over 80 percent of all consumer and enterprise owned smartphones will continue to be unprotected throughout the remainder of the year, despite the large exposure and considerable threat of malware. The slow mobile security protection is the result of low awareness among device users to the vulnerabilities, and the overall perception that these devices are too expensive to protect.

These findings were published in Juniper’s “Mobile Security: BYOD, mCommerce, Consumer &Enterprise 2013-2018” report. Within that report, Juniper divided the online landscape for mobile security threats down into various different segments. Approximately 70 percent of the threats were found to be able to steal a smartphone owner’s personal data that is stored on the device. An additional 20 percent of these types of malware are forms of adware and spyware that need the permission of the user for installation and that then proceed to collect device location, personal data, or usage behavior.

Though the mobile security situation may look bad, the report did indicate that there is a growth in awareness and that this is beginning to have an impact on the attitudes and behaviors of device users in securing their gadgets.