Tag: skycure

Black Friday mobile security threats to explode through Cyber Monday

Consumers are being cautioned to be exceptionally careful of public WiFi hotspots and fake apps.

With shoppers out by the millions today, trying to find the best deal, Black Friday mobile security efforts will be critically important. Cybercriminals know that consumers will be downloading mobile commerce apps and will be tapping into public WiFi hotspots. This provides them with the perfect opportunity to launch their scams.

Anyone planning to use their smartphones should be aware of these types of fraud so they can protect themselves.

Anyone hoping not to have to deal with Black Friday mobile security problems will need to inform themselves. They will also need to take precautions. Fake m-commerce apps are expected to abound, as will fake Wi-Fi hotspots in busy locations such as malls. A growing number of security firms have been reminding consumers to take care before blindly trusting an application or internet connection.

Hackers love opportunities such as Black Friday mobile security breaches to grab private information.

Black Friday Mobile SecurityTwo of the companies that have tried to warn consumers of the types of mobile security threats that can occur on days like today are RiskIQ and Skycure.

Mobility strategist Brian Duckering of Skycure blogged that “Cyber criminals are increasing our risk of using mobile devices while shopping, whether it is Black Friday or Cyber Monday.” He added that “Going to physical stores and connecting to risky Wi-Fi networks, or shopping online both pose increasing risks we should all be aware of.”

RiskIQ, an enterprise security firm, said that there is a greater cyber security risk for smartphone users this year than there was in 2015. Due to the larger number of mobile device users, there are also more active cyber criminals. They target shoppers using their mobile phones to discover products or even make the purchases while using in-store WiFi.

This year, RiskIQ predicts that nearly a third (30 percent) of online Black Friday and Cyber Monday spending will be over mobile devices. At the same time, Skycure’s forecast is that mobile payments will be used three times as much this year as last year. These open the doors to more Black Friday mobile security issues and it’s up to consumers to protect themselves.

Mobile security vulnerability discovered in Wi-Fi using apps

A new opportunity for attackers to gain access to smartphone apps from these networks has been discovered.

This week, mobile security experts demonstrated an example of the discovery that was recently made that allows a very simple attack to be made which exploits a code vulnerability in Apple iOS applications.

This vulnerability gives attackers the ability to persistently alter server URLs from which the data is loaded to the apps.

This means that the attacker will be able to change the URL from which the iOS application is loading its data, presenting a massive mobile security threat. This is particularly unpleasant as the victim will not know when it is happening nor that it has occurred. It means that the attacker could invisibly use the data to be able to load malicious links or to insert false news regarding market movements into a news application.

The makers of the applications were not notified of the mobile security threat ahead of the announcement to the public.

The mobile security threat was identified by Skycure and it has, in the past, already notified app makers of this type of threat’s existence. Typically, the developers are provided with this knowledge ahead of the public announcement. However, in this circumstance, they stated that it was not possible for them to wait to notify developers before making this information public. They felt that because the vulnerability was present in hundreds of different apps – including stock management applications – it was important for people to be notified as soon as possible, without waiting to tell the app makers, first.

Skycure, a mobile security expert firm, declined to provide the names of the specific apps that were tested positive for the threat. The reason was that they didn’t want to provide this information to potential attackers who could exploit this knowledge before a solution to the issue could be found. The company’s chief technology officer, Yair Amit, said that “The vulnerability affects so many apps that it’s virtually impossible to alert app makers.” The researchers from the company also assembled a short video to demonstrate how an app could be manipulated by an attacker.