Apps and Malware – A Marriage Made for Cyber Attacks

Apps and Malware – A Marriage Made for Cyber Attacks

Apps and Malware – A Marriage Made for Cyber Attacks

As Smartphones and Tablets continue to develop into key threat vectors for cyber criminals to exploit, there are important steps to take to help your mobile connected workforce mitigate threats.

While Android has been the poster child for exploits, iOS is not a safe haven and often creates a false sense of security. Recent reports depict popular flashlight apps as potential carriers of malware that create security and privacy breaches. As with any app it is very important to educate your mobile connected workforce on how to evaluate and assess if an app is requesting excessive permissions. Most users skim through the app permission request screens without giving them much thought or concern. Also, app updates and downloads are often mass accepted without scrutiny. The biggest issues with the flashlight apps are overstepping their permissions and requests to modify or delete contents on your USB storage, requesting your location, changing display settings, viewing network connections and writing home settings and shortcuts.

Employees that have been provided with corporate issued Smartphones and Tablets as well as employees that have been approved for your Bring Your Own Device (BYOD) program should be educated on the approved process for selecting and installing applications that comply with your corporate wireless policy. Here are some important steps to take to mitigate malware risks associated with mobile apps:

  1. Stick to trusted sources for app downloads! Avoid third party app stores “ while malware certainly exists in Google Play and in iTunes, Google and Apple have teams that are working to identify and eliminate apps that contain malware. Third party app stores are frequent targets for malware distribution. In fact, app stores from China are responsible for more than 350,000 downloads of iOS malware Wirelurker. For employees that access proprietary corporate data on their mobile devices, you should consider a more robust policy that requires corporate IT approval of all app downloads. This can also be governed by deploying an enterprise app store with tested and approved apps.
  2. App permission assessment. Some malware may act like a legitimate app and then request additional permissions via app updates. It is important that your mobile connected users don’t automatically allow app updates. In addition, when selecting new apps to install, it is important to review the requested permissions. Here is a list of categories that are often included in permission requests:
    • In-app purchases
    • Device & app history
    • Cellular data settings
    • Identity
    • Contacts
    • Calendar
    • Location
    • SMS
    • Phone
    • Photos/Media/Files
    • Camera/Microphone
    • Wi-Fi connection information
    • Bluetooth connection information
    • Device ID
    • Call information
  3. App size assessment. According to most security reports, most flashlight apps that contain malware are 1.2 to 5 megabytes. Simple applications like flashlights should only be in the 75k size range according to Snoopwall, an IT security and counter surveillance firm. If an app appears to be exceedingly large for the process it is performing then there could be some underlying threats. Make sure that your mobile users are educated on what to look for and how to prevent downloads of apps that appear to be threats.
  4. Mobile Device Management. Make sure that your mobile device management policies and controls are active and up to date. Your mobile connected workforce should have GPS, Near Field Communications, Bluetooth, microphone and camera controls in place to prevent possible threats.

For more information on securing your mobile workforce and their devices, visit us at http://www.ovationwireless.com/mdm-mobile-device-management/