Monday, February 5, 2018

What are the real mobile security threats? Part 2: Apps and Devices

In our previous post we looked at the most dangerous threats mobile devices are facing: network threats.

What about the apps?


Apps are potentially another serious danger for mobile users. There are millions of apps in the official stores, and it is likely that among this mass of applications some malicious apps have managed to pass the filters set up by Google or Apple.

However, we must recognize that, unlike what happened with Windows, there are official and controlled sources of apps, and the controls have so far been quite effective.

Even so, every now and then a threat appears, sometimes unexpectedly. This was the case, for example, with thousands of applications that were developed using XcodeGhost, a light and unofficial version of Apple's official development environment, Xcode. This development environment included spyware that was automatically added to the apps built with it, without the developers knowing.

Since this latest incident in 2015, the owners of the stores have redoubled their efforts and are even auditing the code of the applications in search of malicious code.

Another source of threats is apps from unofficial stores. Except for specific cases, unofficial stores do not offer the same guarantees, and it is very likely that if an application is only available in an unofficial store, it is because it is not allowed in the official store.
Apps from non-official stores can be installed at your own risk

Even when the initial reason for not being in the official store is not security related (for example, the store's ethical rules on money games and the like, or copyright protection), once an app is in an unofficial store the temptation of malicious extra income is great: theft of personal data, invasive advertising, etc.

And if an app also exists in the official store, there is no guarantee that the version in the non-official store is the same, or that it is the latest version and includes the fixes for new vulnerabilities.

Location


Many applications collect location information and, worse, some publish it in such a way that your friends or people in the vicinity know you are nearby.
Some apps let people know where you are
This information can be used to perform "passive intelligence", such as finding out whether you have visited a potential client or site.

For example, in January 2018, global usage maps of the Strava fitness application were published, and looking at the map of Iraq or Syria, you could see isolated points corresponding to American soldiers who used it while training at their bases, revealing where these training camps were.

Vulnerabilities


As with any operating system, vulnerabilities in iOS and Android are regularly discovered. Unlike Windows, the interval between updates to mobile devices is quite long. For example, it is monthly in the case of Android.

Worse yet: the monthly patching mechanism has only recently been launched, and most of the devices currently on the market do not receive regular updates.

In contrast, at the application level updates are continuous, and many vulnerabilities at the operating system level are solved at the application level, at least if we talk about the applications of the most important providers such as Facebook, Google, etc.

Configuration


A final point to take into account when protecting yourself is the use of certain dangerous configurations.

We already mentioned that downloading applications from outside the official stores should be avoided; this can be enforced by disabling that option on the device.

Then there are other modes that allow malicious applications to access more data than they otherwise could: "rooted" phones and developer/debugging mode. A "rooted" or "jailbroken" phone is a smartphone in which the manufacturer's operating system (Android/iOS) has been replaced by an unofficial version in order to access additional functions and bypass the normal permissions of a normal user.
Rooted or jailbroken mobile devices are more exposed to threats
An application can then access protected information on the phone. The danger may even be the owner of the phone, who wants to access these functions and data: if we are talking about a professional phone, there is no plausible reason for an employee to use a phone with these modes enabled.


Finally, we must keep in mind that a phone can be stolen or lost, and we must ensure that the data on it cannot be accessed, through storage encryption or access mechanisms controlled by a code, pattern, etc.
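The configuration risks listed above (unknown sources, debugging mode, unofficial builds, missing encryption or screen lock) together with the patch delay discussed under Vulnerabilities can be checked automatically on Android. The sketch below is an added example, not part of the original post: it assumes the values were already collected from the device (for instance with `adb shell getprop` and `adb shell settings get`), the 90-day patch threshold is an assumed policy, and `lock_screen_secure` is a hypothetical key standing in for whatever your management agent reports.

```python
from datetime import date

MAX_PATCH_AGE_DAYS = 90  # assumed policy threshold, not from the article

# Setting or property -> (risky value, finding name)
RISKY_VALUES = [
    ("install_non_market_apps", "1", "unknown-sources-enabled"),  # pre-Android 8 setting
    ("adb_enabled", "1", "usb-debugging-enabled"),
    ("development_settings_enabled", "1", "developer-options-enabled"),
    ("lock_screen_secure", "0", "no-screen-lock"),  # hypothetical key
]

def audit(snapshot, today):
    """Return the list of risky configurations found in a device snapshot."""
    findings = [name for key, risky, name in RISKY_VALUES
                if snapshot.get(key) == risky]
    # Builds signed with test keys are a common (heuristic) sign of an unofficial ROM.
    if "test-keys" in snapshot.get("ro.build.tags", ""):
        findings.append("unofficial-build-tags")
    # A missing value is treated as not encrypted: fail closed.
    if snapshot.get("ro.crypto.state") != "encrypted":
        findings.append("storage-not-encrypted")
    try:
        patch = date.fromisoformat(snapshot.get("ro.build.version.security_patch", ""))
        if (today - patch).days > MAX_PATCH_AGE_DAYS:
            findings.append("security-patch-stale")
    except ValueError:  # property absent or malformed (older devices do not report it)
        findings.append("security-patch-unknown")
    return findings

# Constructed sample values, not taken from a real device.
SAMPLE = {
    "install_non_market_apps": "1",
    "adb_enabled": "1",
    "development_settings_enabled": "1",
    "lock_screen_secure": "0",
    "ro.build.tags": "test-keys",
    "ro.crypto.state": "unencrypted",
    "ro.build.version.security_patch": "2017-08-05",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, date(2018, 2, 5)):
        print(finding)
```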

In our next post we will review all the precautions that can and should be taken to protect against the security threats to our smartphones.

How to protect against mobile threats


If you want more information about how to protect against mobile threats, you can read the 3rd part of our post.
