Threat Intelligence Blog

Posted July 12, 2013

Our last few blog articles about rogue mobile apps have highlighted some of the methods criminals use against mobile phone users, and ways consumers and companies can mitigate the risk of being attacked. Apple and Android have also recently updated their security measures to help combat mobile application security issues.

Apple just announced that iOS 7 will be released this fall. The list of features includes a major design overhaul, new features such as a “control center,” and enhanced security for business users. Some new business security features will include data protection for all apps, controls on which applications can be used to open email files, and allowing enterprise apps to avoid receiving a user’s network traffic while still being able to use a specific virtual private network (VPN).

As mentioned in our previous blog posts, however, some of the largest vulnerabilities to the iOS system were caused by users “jailbreaking” their phones, and the new security features don’t address this. For example, last month a Trojan horse in the Simply Find It app went undetected because the malicious URL wasn’t triggered. Additionally, there are still plenty of “look alike” apps such as “Temple Guns” instead of “Temple Runs” or “Zombie Air Highway” instead of “Zombie Highway” that fool users into downloading apps loaded with malware.

Like Apple, Android has added more security features to protect users from cybercriminals. Its current version, 4.2.x, has a protection feature to combat the most prevalent type of rogue mobile app, which sends undetected SMS messages. More than 75 percent of all Android rogue mobile apps are of this type, sending SMS messages to premium-rate numbers.

However, just like the new security measures included in the new iOS, these new Android security features will not completely eliminate malicious mobile apps. For example, researchers at Juniper Networks have found that only 4 percent of devices are using Android 4.2.x, meaning most users are still vulnerable to those attacks. One reason for the adoption lag could be that Android updates are not released on a set schedule.

While these recent updates will undoubtedly help combat rogue mobile apps, human error will always allow criminals to find a way to attack mobile devices. In addition to the security measures taken by Apple and Android, there are a few simple things that mobile phone users can do to avoid inadvertently downloading a bad app:

  • Update the Android phone’s operating system
  • Do not “jailbreak” phones
  • Carefully inspect the name of the app before downloading and check the official game’s website for the official game name

If you’re responsible for mobile application or mobile device security within your organization, we recommend you carefully consider the new safety measures to see how they may impact your organization’s employee mobile device guidelines or mobile application development policy.
