Post 1 of 6: Dispelling Mobile App Security Myths – Myth #1
This is post one in a series on Mobile Application Security. Mobile applications are everywhere. The growth of enterprise mobile apps in the past few years has been absolutely staggering. Forrester Research reports that 23 percent of the workforce has downloaded 11 or […]
Facebook recently announced that mobile chat functionality would soon require users to install Facebook Messenger. Fueled by the media, many people have been overreacting about the permissions that Messenger requests before taking time to understand what the true privacy implications were. In a nutshell, Messenger is hardly an outlier relative to the other social media […]
Ever forget your wallet? I do. All the time. If I wasn’t in the security industry, an ability to pay for things with my cell phone (which is never too far from my grasp) would be attractive to me. But LifeLock’s recent move to pull their Mobile Wallet application from the app store and delete […]
The Federal Trade Commission (FTC) recently completed and announced the terms of a settlement with GoldenShore Technologies, a one-man development shop based out of Idaho and creator of the popular “Brightest Flashlight” application for Android. Back in December the FTC, in response to a number of complaints, began investigating the app, which was doing a […]
It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating the same manual tasks for each test. Typing out the same commands to run various tools that are required to help […]
The news regarding the NSA and its British counterpart discussed how the Angry Birds app was targeted as a means to collect personal information about app users. Presumably the agencies were collecting data that the app was already accessing as part of its normal operations. What data is being accessed and should it concern us?
We performed a behavioral analysis on Angry Birds for Android with our mobile application reputation service. Here’s what we found.
It’s easy to be lulled into a false sense of security when you’re using an iPhone, but is iOS really the better smartphone operating system when it comes to malware?
According to F-Secure Labs’ latest Mobile Threat Report, malware authors continue to concentrate on the Android platform with 252 new threat families and variant families. The report also shows that 81% of discovered threats are profit motivated. So what does this mean? Most bad guys are still looking for cash with their malware!
Top weather app in Google Play ‘Weather Channel VDO’ looks to be serving more than the forecast. Capabilities include accessing device and carrier information, and examining account and file system. This app is performing Trojan-like capabilities, downloading a 466 kB file from an IP address listed as a known virus site. Findings also include an association with known adware.
Learn more about Veracode’s mobile application reputation service.
As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I have been fielding questions left and right about what to do when it comes to mobile applications and HIPAA compliance, I would simply write a blog post on the topic.
I like to think about myths as common ideas that seem to perpetuate regardless of the rapid pace of technology change that is part of the modern world. When I’m out talking to folks about securing mobile apps I find that the same ideas about enterprise security are being perpetuated.
Many of the myths that I come across appear to offer panaceas that are comforting to the status quo. The idea that the newest iPhone or Samsung device will automatically make enterprise mobility safe. If enterprise data is encrypted then it is perfectly safe. If we put a wall around our apps and data then no one will be able to get in. These are comforting myths.