Page 28 - GS140101
P. 28
TheMobileBuzz
he allure of smartphones and tablet computers
has led to an explosion in mobile app develop-
ment, resulting in mobile app stores that offer It is estimated that the number of mobile
T apps for a million-and-one uses. In the retail threats grew from 7,000 in 2010 to 65,000 in
sector, merchants recognize the importance of having 2012, with the number of infected Android
their own private-label mobile apps to capture the coveted
top-of-wallet placement with consumers. devices exploding by 200 percent in 2012 alone.
However, the incredibly diverse and all-pervasive mobile The firm also reported how fraudsters can spy on work
app marketplace is fast becoming a target for fraudsters. places via compromised mobile devices - surreptitiously
All of a sudden, a merchant's new-fangled mobile app taking pictures, listening into conversations and capturing
can become an attack vector for hackers, and a vector of GPS data. "Computer scientists at the Georgia Institute of
reputational risk for the merchant. Technology even demonstrated how a phone on a desk
App fraud detailed could use its accelerometer to detect vibrations from a
nearby keyboard and capture words with up to 80 percent
According to The Wild, Wild West of Mobile Apps, a white accuracy," Webroot said.
paper issued by mobile app risk management firm Webroot
Inc., it is estimated that the number of mobile threats grew Unfortunately, user knowledge of these threats is
from 7,000 in 2010 to 65,000 in 2012, with the number of apparently inadequate. "Most people have been exposed
infected Android devices exploding by 200 percent in 2012 to press coverage of phishing, malware and social
alone. engineering attacks against laptops and desktop PCs,"
Webroot noted. "However, far fewer users are aware that
Webroot said the reason for this proliferation involves the threats against mobile devices even exist. Most are also
number of apps in circulation, combined with unpoliced ignorant of how malicious apps manifest themselves on
app stores and ever more clever crooks. If the biggest and mobile devices - for example, through fast battery drain,
most popular app stores are well monitored, dozens of slow performance and spikes in data usage."
other storefronts have popped up that aren't.
Prevention tactics
"Many of these have little or no ability to identify and The company said mobile device fraud prevention
block apps that contain malware," Webroot said. "Dubious techniques include:
business people and cyber criminals have gone even
further by setting up websites for the purpose of offering • Mobile antivirus software that detects malware
pirated apps and apps containing malware." • Mobile device management (MDM) and mobile
application management (MAM) solutions that
Additionally, fraudsters have developed a knack for monitor mobile devices, lock settings and delete
counterfeiting popular apps, like those of Skype and confidential data if devices are lost
Angry Birds, as well as games like Grand Theft Auto III. • Education that helps mobile device users avoid
The fake apps dupe users into surfing to survey and game suspicious mobile apps and recognize and report
websites where users are bilked of their money or tricked potential attacks
into downloading malware that hijacks smartphone text • Company policies that mandate the use of
message capabilities. approved app storefronts and prohibit employees
from installing nonbusiness applications on
Malicious apps can also retrieve device owners' mobile devices used for business purposes
email addresses and phone numbers, Webroot noted. • Corporate app catalogs that approve and control
Furthermore, fraudsters are adapting phishing and social what apps employees use
engineering schemes honed on PCs to steer mobile users to
bogus bank websites to trick them into divulging account But Webroot said such defenses are not enough. "Mobile
details and passwords. antivirus products do a good job of blocking known
malware, but they can't recognize all variants of malicious
Webroot reported that fraudsters are turning their and repackaged mobile apps," the company said.
attention to hacking into corporations and government
agencies via mobile apps. One attack occurred on a Tibetan The same goes for MDM and MAM products, where
human rights organization. In this scheme, attackers "patches" that keep mobile devices secure are released too
repackaged a popular mobile messaging app so that it slowly to keep pace with the speed of new fraud schemes.
would "change permissions on smartphones and extract "And unless an organization can lock down devices
contacts, call histories and SMS [short message service] and completely control user behavior, some employees
messages," Webroot said. inevitably ignore security education, company policies
and approved app catalogs," Webroot said.
28
he allure of smartphones and tablet computers
has led to an explosion in mobile app develop-
ment, resulting in mobile app stores that offer It is estimated that the number of mobile
T apps for a million-and-one uses. In the retail threats grew from 7,000 in 2010 to 65,000 in
sector, merchants recognize the importance of having 2012, with the number of infected Android
their own private-label mobile apps to capture the coveted
top-of-wallet placement with consumers. devices exploding by 200 percent in 2012 alone.
However, the incredibly diverse and all-pervasive mobile The firm also reported how fraudsters can spy on work
app marketplace is fast becoming a target for fraudsters. places via compromised mobile devices - surreptitiously
All of a sudden, a merchant's new-fangled mobile app taking pictures, listening into conversations and capturing
can become an attack vector for hackers, and a vector of GPS data. "Computer scientists at the Georgia Institute of
reputational risk for the merchant. Technology even demonstrated how a phone on a desk
App fraud detailed could use its accelerometer to detect vibrations from a
nearby keyboard and capture words with up to 80 percent
According to The Wild, Wild West of Mobile Apps, a white accuracy," Webroot said.
paper issued by mobile app risk management firm Webroot
Inc., it is estimated that the number of mobile threats grew Unfortunately, user knowledge of these threats is
from 7,000 in 2010 to 65,000 in 2012, with the number of apparently inadequate. "Most people have been exposed
infected Android devices exploding by 200 percent in 2012 to press coverage of phishing, malware and social
alone. engineering attacks against laptops and desktop PCs,"
Webroot noted. "However, far fewer users are aware that
Webroot said the reason for this proliferation involves the threats against mobile devices even exist. Most are also
number of apps in circulation, combined with unpoliced ignorant of how malicious apps manifest themselves on
app stores and ever more clever crooks. If the biggest and mobile devices - for example, through fast battery drain,
most popular app stores are well monitored, dozens of slow performance and spikes in data usage."
other storefronts have popped up that aren't.
Prevention tactics
"Many of these have little or no ability to identify and The company said mobile device fraud prevention
block apps that contain malware," Webroot said. "Dubious techniques include:
business people and cyber criminals have gone even
further by setting up websites for the purpose of offering • Mobile antivirus software that detects malware
pirated apps and apps containing malware." • Mobile device management (MDM) and mobile
application management (MAM) solutions that
Additionally, fraudsters have developed a knack for monitor mobile devices, lock settings and delete
counterfeiting popular apps, like those of Skype and confidential data if devices are lost
Angry Birds, as well as games like Grand Theft Auto III. • Education that helps mobile device users avoid
The fake apps dupe users into surfing to survey and game suspicious mobile apps and recognize and report
websites where users are bilked of their money or tricked potential attacks
into downloading malware that hijacks smartphone text • Company policies that mandate the use of
message capabilities. approved app storefronts and prohibit employees
from installing nonbusiness applications on
Malicious apps can also retrieve device owners' mobile devices used for business purposes
email addresses and phone numbers, Webroot noted. • Corporate app catalogs that approve and control
Furthermore, fraudsters are adapting phishing and social what apps employees use
engineering schemes honed on PCs to steer mobile users to
bogus bank websites to trick them into divulging account But Webroot said such defenses are not enough. "Mobile
details and passwords. antivirus products do a good job of blocking known
malware, but they can't recognize all variants of malicious
Webroot reported that fraudsters are turning their and repackaged mobile apps," the company said.
attention to hacking into corporations and government
agencies via mobile apps. One attack occurred on a Tibetan The same goes for MDM and MAM products, where
human rights organization. In this scheme, attackers "patches" that keep mobile devices secure are released too
repackaged a popular mobile messaging app so that it slowly to keep pace with the speed of new fraud schemes.
would "change permissions on smartphones and extract "And unless an organization can lock down devices
contacts, call histories and SMS [short message service] and completely control user behavior, some employees
messages," Webroot said. inevitably ignore security education, company policies
and approved app catalogs," Webroot said.
28
