Monday, August 12, 2013

Security - More than 700,000 APPs in the Android Market Place (High Risk)


Android Devices Remain Dangerous to the Enterprise and Small Business. Image complements of visnetwork


There is a concept in business IT to stop being "structured" and "uptight" about allowing wireless devices to be a part of a corporate campus. While a Blackberry Server and Blackberry devices were a standard for a long time, newer devices to compete with this network model have brought critics forward to claim the older Blackberry model is pointless and pre-historic.  Yet the design of Blackberry - and its security - has allowed it permission to be a standard in the enterprise. Pundits of this architecture typically have no response to the security aspect of adopting new wireless devices to a business network.  This concept is also known as Bring Your Own Device (BYOD), and continues to be a hot topic in business. While people want the easy approach of simply buying something at the store and connecting it to a corporate network, the security problems this causes are too vast and dangerous to ignore.
This is reviewed and discussed in this great post at CIO.gov.

A recent Trend-Micro report states that over 700,000 apps are likely to steal your personal information.  This is up from 509,000 last QUARTER.

According to the people at Neowin, they highlight findings of the TrendMicro report:
The majority of these malicious apps are disguised as popular apps, but contain malware that could see victims subscribe to costly services. FAKEBANK is a common and prominent malware that does just this. By spoofing "legitimate apps", it creates shortcuts to mobile banking programs. Johnathan Leopando, of Trend Micro, says infected users may then be at risk of entering their banking details into a malicious app.

Additionally, on July 23, 2013, trade magazine Infoworld printed Report: Android Spyware on the Rise discussing a recent Malware investigation report by Kindsight. The report findings review the most popular recent infections, vectors and behaviors:

The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53 percent of the total number of infections detected on Android devices.
The second-most-common Android threat was a Trojan program called QdPlugin, whose primary purpose is to install and control other adware programs. This malware is distributed as repackaged versions of legitimate games and connects to a control server located in the U.S.
A particularly worrying trend is the increase in the number of spyware threats that appear in the top 20, according to Kindsight. Spyware programs can typically record phone calls and text messages; track the phone's location; monitor email, social media and browsing activity; access photos and contact information, and more.
"Until now mobile spyware has been aimed at the consumer market, with the promise of being able to track your loved one's every move through their phone," said Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, in a blog post Tuesday. "But locating teenagers and a straying spouse are only one part of the story."
"Mobile spyware in the 'Bring Your Own Device' context poses a threat to enterprises because it can be installed surreptitiously on an employee's phone and used for industrial or corporate espionage," McNamee said.


While this is nothing new to discuss and blog about (see titles below), it remains a significant security concern for the businesses we help at Menlo Technical Consulting.

Malware Infections Soar on Android Devices Over Recent Past   3/20/2012  
Android Mobile Devices are Targets for Malware   12/26/2011  
eWeek periodical says more advanced trends for breaches 2012   12/20/2011  
Why Android is Still a Problem in the Enterprise   10/22/2011
Android – Marketplace Apps 400% Spyware Increase   5/13/2011


Interesting Infographics on the topic:
Kaspersky Labs Infographic 1

Kaspersky Labs Infographic 2



No comments:

Post a Comment