How best to find and fend off malicious mobile apps
Mobile device manufacturers strive to develop cool new features for their products, but there's little question that over the past few years, innovation in the mobile marketplace has been measured by the success of mobile apps. To no one's surprise, attackers are taking advantage of users' growing affinity for mobile apps by creating malicious apps tailored to exploit weaknesses and vulnerabilities specific to mobile devices.
This tip looks at whether some of the most recent malicious mobile apps are merely an inconvenience for your organization or a real threat to it.
A headline about the latest killer malware inevitably prompts at least some CEOs to call the security team anxiously to check that the company's entire customer database wasn't stolen overnight. Evaluating which headlines need serious investigation and which can be set aside is becoming a skill every network administrator needs, if only to avoid wasting money and manpower on threats that aren't relevant to a specific IT environment.
A recent news story offers a useful lesson. Its headline read "Major iOS flaw makes iPhones, iPads vulnerable to keylogging," implying disaster for iPhone-friendly enterprises. A more careful review of the original research, though, shows that this is a flaw Apple will need to fix, but not an immediate threat to the enterprise. The story was actually about a proof-of-concept app created by researchers at FireEye. The app runs on non-jailbroken iOS devices and is capable of sending any captured data to a remote server. However, the techniques used are a long way from being viable in an automated attack: the monitoring code ships inside an app that a victim would first have to install. In other words, it's a situation that needs monitoring, but no more.
Similarly, an advisory issued by BlackBerry warned BlackBerry 10 customers that a remote code-execution vulnerability could threaten phone security. For the attack to work, though, the phone must be in development mode and on the same network as the attacker, or the attacker must have physical access to the phone. These preconditions sharply reduce the likelihood of exploitation, and there have been no documented attacks of this sort, so while BlackBerry's update should be installed, it isn't a major priority.
Most stories about malicious mobile apps deserve a look, but most will be of concern only to administrators who allow jailbroken or rooted devices onto their network. Installing unknown apps on a jailbroken or rooted device carries a definite extra risk: the platform's built-in protections, such as code-signing enforcement and app sandboxing, have been disabled, which makes it far easier for an attacker to gain administrative or privileged access. The Unflod malware, for example, captures Apple ID credentials on jailbroken iPhones and iPads and transmits them to attacker-controlled servers.
Security awareness training can help users understand the dangers of downloading apps from unknown sources or of running jailbroken or rooted devices. Symantec Corp.'s latest Internet Security Threat Report found that most malicious mobile apps are Trojans posing as legitimate apps. Web-based ads also now hold the top spot for malware distribution, so keeping users up to date on the techniques attackers are currently using is essential.
Another worthwhile layer of defense against malicious mobile apps is a mobile device management (MDM) product that can tell whether jailbroken or rooted devices are connecting to, or are active on, the network, and that generates alerts when suspicious activity is detected. MDM products can also enforce that users' devices are running the latest OS and software versions.
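The kind of compliance pass an MDM performs can be approximated over an inventory export. The following is an added example, not code from the article or from any MDM vendor: it runs a constructed inventory (the record fields `platform`, `os_version` and `jailbroken`, and the per-platform minimum versions, are all assumptions for illustration) through two checks, flagging jailbroken or rooted devices as high severity and devices below the required OS version, or on a platform with no policy at all, as medium severity. Version strings are compared numerically rather than as text, so "4.10" correctly ranks above "4.9".

```python
"""Flag jailbroken/rooted and out-of-date devices in an MDM inventory export.

Added example: a compliance pass over a constructed inventory, not code from
any real MDM product. The record fields (platform, os_version, jailbroken)
and the minimum-version policy below are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample inventory, shaped like a decoded JSON export.
SAMPLE_INVENTORY = [
    {"device_id": "ios-0001", "user": "alice", "platform": "ios",
     "os_version": "7.1.1", "jailbroken": False},
    {"device_id": "ios-0002", "user": "bob", "platform": "ios",
     "os_version": "7.0.4", "jailbroken": True},
    {"device_id": "and-0003", "user": "carol", "platform": "android",
     "os_version": "4.4.2", "jailbroken": False},
    {"device_id": "and-0004", "user": "dave", "platform": "android",
     "os_version": "4.1", "jailbroken": False},
    {"device_id": "bb-0005", "user": "erin", "platform": "blackberry",
     "os_version": "10.2.1.3175", "jailbroken": False},
    {"device_id": "win-0006", "user": "frank", "platform": "windowsphone",
     "os_version": "8.1", "jailbroken": False},
]

# Assumed policy: minimum acceptable OS version per platform (illustrative).
MINIMUM_VERSIONS = {
    "ios": "7.1.1",
    "android": "4.4.2",
    "blackberry": "10.2.1.3175",
}


@dataclass(frozen=True)
class Alert:
    device_id: str
    user: str
    severity: str  # "high" or "medium"
    reason: str


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '10.2.1.3175' into (10, 2, 1, 3175) so versions compare numerically.

    A component with a non-numeric suffix ('2-beta') keeps its leading digits;
    parsing stops at the first component with no leading digits at all.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_outdated(installed: str, minimum: str) -> bool:
    """True when the installed version is numerically below the minimum."""
    return parse_version(installed) < parse_version(minimum)


def evaluate_devices(inventory, minimum_versions=MINIMUM_VERSIONS) -> List[Alert]:
    """Apply the jailbreak/root and minimum-version checks to every record."""
    alerts = []
    for rec in inventory:
        platform = rec["platform"].lower()
        if rec.get("jailbroken"):
            alerts.append(Alert(rec["device_id"], rec["user"], "high",
                                "jailbroken/rooted device: code signing and "
                                "sandbox protections removed"))
        minimum = minimum_versions.get(platform)
        if minimum is None:
            # Unknown platform: nobody has decided what "patched" means for it.
            alerts.append(Alert(rec["device_id"], rec["user"], "medium",
                                f"no minimum-version policy for platform '{platform}'"))
        elif is_outdated(rec["os_version"], minimum):
            alerts.append(Alert(rec["device_id"], rec["user"], "medium",
                                f"{platform} {rec['os_version']} below required {minimum}"))
    # Highest severity first, then by device ID for stable output.
    order = {"high": 0, "medium": 1}
    alerts.sort(key=lambda a: (order[a.severity], a.device_id))
    return alerts


if __name__ == "__main__":
    for a in evaluate_devices(SAMPLE_INVENTORY):
        print(f"[{a.severity.upper():6}] {a.device_id} ({a.user}): {a.reason}")
```

On the constructed inventory this yields one high-severity alert (the jailbroken iPhone) and three medium ones: that same iPhone for its old iOS build, the Android device on 4.1, and the Windows Phone for which no policy exists. The "no policy" alert is deliberate: a platform that silently passes because nobody wrote a rule for it is exactly the blind spot an attacker targeting the odd device on the network would exploit.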
There's no question that the rapid evolution of mobile technology, and of mobile apps in particular, means users will need to be more vigilant about potential risks. Security teams should follow vendor alerts and security mailing lists, but it's just as important to read the story behind the headline and assess whether the worst-case scenario involving a malicious mobile app could actually endanger your data and network before declaring a state of emergency.