Kaspersky Labs found the virus “Cabir” in 2004. It was thought to be the creation of expert virus writers, made in an effort to demonstrate that no technology or gadget was immune to their attacks. The virus infected Nokia phones using the Symbian operating system. It marked the commencement of a new threat, and we are about to witness its negative side.
Mobile apps boost productivity, but they can also expose users to a variety of security and data privacy threats, including device loss or theft, data leakage, malware infection, and unauthorised access to corporate networks and systems. The bring-your-own-device (BYOD) culture raises more questions regarding mobile security.
Businesses must be sure to safeguard both corporate-issued and BYO devices, according to Ravikumar Sreedharan, VP, Application Services & MD, Unisys India. As a strategy to increase the distribution of both corporate-approved consumer apps and specialised mobile business apps, businesses should think about developing enterprise application stores. In addition to mandating app passwords and remotely wiping enterprise data when corporate-provided devices are stolen, they should encrypt enterprise data (while leaving out personal data on BYO devices).
The global growth in mobile device use has transferred web hazards from traditional computers to our cellphones. Mobile applications are the programmes we download onto our mobile devices, whereas app stores are centres for downloading software.
Mobile apps are the new frontier for risks, since users who download from app stores can end up getting malware instead.
Owing to the consumerization of smartphones and the lack of user awareness, cybercriminals are exploiting this trend by designing dangerous apps for wide-scale distribution.
Why are mobile apps targeted?
With more people using smartphones, there is a rising need for mobile applications. Depending on their operating system, consumers can choose from the Android Play Store, iTunes App Store, Windows Phone Marketplace, BlackBerry App World, and Samsung Apps.
By 2017, tablets and smartphones will increasingly be the target of endpoint security breaches, according to Gartner. Currently, there are three mobile device attacks for every attack on a desktop computer. Also, through 2017, 75% of mobile security breaches will be the consequence of mobile application misconfigurations, such as the exploitation of personal cloud services through apps on smartphones and tablets, rather than the result of technological attacks on mobile devices. Android, an open source operating system, is seen as being weak.
“Open-source software allows third parties to access, edit, and even relicense the software,” says Tarun Wig, co-founder of Innefu Labs. Because the source code is publicly available to hackers and malevolent users, security of open source software is a major problem for organisations wishing to incorporate it as part of their software stack.
Android security hole
Android is the most widely used platform, with 57.29% of the world’s population using Android smartphones, followed by iOS and Windows. Due to its open app distribution architecture, which allows any developer to participate, the Android platform has become the target of ongoing cyberattacks.
Symantec’s Internet Security Threat Report (ISTR.20) estimates that 17% of all Android apps, or just under a million in total, were actually malware. This includes 46 brand-new malware families for Android in 2014. Moreover, there could be up to 2.3 million “grayware” programmes, which aren’t technically malware but still exhibit unwanted behaviours like inundating the user with advertisements. New Android flaws could make it possible for remote attackers to take control of vulnerable devices by sending them a malicious multimedia message (MMS).
Ritesh Chopra, National Manager for Norton by Symantec, stated that Stagefright was a recent Android vulnerability. Users of Android devices are at risk from these flaws since, most of the time, all it takes for an exploit to be launched is for the victim to glance at the harmful message. The several remote code execution vulnerabilities in the Android Stagefright media playback engine concern the part of Android that controls media playback. Successful exploitation of any of these vulnerabilities could give a hacker remote code execution. As a result, a hacker might be able to infect the device with malware and steal information from locations that Stagefright has authorization to access.
Downloading from app stores carries risks
To improve the end-user experience, the emphasis has recently switched from quantity to quality. Since end users must utilise mobile apps, there should be a strong health warning attached to their use. Grayware apps, which aren’t malicious by design but annoy and unintentionally hurt users by tracking their behaviour, made up 36% of all mobile apps in 2014, according to Symantec’s ISTR.20 report.
We have often observed that a sizeable fraction of mobile app developers do not adhere to information security best practices. According to a Symantec study on the security of popular health and fitness apps, many mobile apps do not securely handle user credentials and actually threaten user or device security and privacy in a number of ways. “Due to the way they carry out their operation, many mobile apps may mistakenly reveal other users’ personal information.” According to Ritesh Chopra of Norton by Symantec, mobile apps too have their share of exploitable flaws that might be used by hackers to steal information and carry out other nefarious actions.
Unwanted actions including using premium rate services, click fraud, mining virtual currencies, and other undocumented features like back doors can all pose security problems.
Hence, while applications are entertaining, increase productivity, and make life easier, some “rogue” apps pose serious concerns.
How can security risks to smartphones be handled?
Because of the prevalence of smartphones and tablets, hackers are increasingly targeting mobile devices, as it is much simpler to hack them than a laptop. We have already had to deal with the costly and embarrassing repercussions of not taking security seriously, so it is always preferable to learn from the past.
Here are some recommendations from Sridhar Iyengar, Vice President at ManageEngine, that customers can utilise to safeguard their gadgets:
Mobile Containerization:
The goal of containerization is to protect the personal space of mobile end-users while storing corporate information in safe, secured containers. Enterprise IT administrators have complete control over the container, allowing them to silently push apps there and keep an eye on the information flow. It is one of the best practices for mobile security, particularly in BYOD and COPE settings.
Device Encryption:
Data encryption is essential for many industries, including the legal, medical, and government sectors, which deal with a lot of highly secret data. This security measure is still crucial since it makes the data on a mobile phone useless to hackers or thieves of mobile devices.
Selective Wipe/Remote Lock:
These possibilities are relevant for businesses that allow BYOD initiatives. When an employee decides to leave, selective wipe can be used to remove only the company data from the employee-owned device. When workers suspect their gadgets are misplaced, remote lock can be turned on right away.
Education/Awareness:
Many security procedures centre on informing the device’s end users about security issues. To achieve sufficient mobile device security, it is crucial to teach them practices such as enabling user authentication services, using strong passwords and PINs, and setting up a VPN to access corporate data.
In conclusion
When creating new applications and operating systems, developers should make security their first priority. In this networked age, security is a very compelling selling factor and helps developers build their reputations, which encourages further sales and helps them avoid negative press or even legal action.
With every company having its own specialised app, security managers will need to conduct a thorough and unbiased analysis of their security threats because the future depends on it.