Vulnerabilities, Threats and Attack Scenarios of Mobile Applications.

MOBILE APPLICATION VULNERABILITIES

  • Mobile devices are the subject of many security discussions, but it's often mobile applications that serve
    as attack vectors.
  • Bad data storage practices, malware, sideloading and lack of encryption all contribute to mobile
    application vulnerabilities.

MOBILE APPLICATION THREAT SCENARIOS

  1. Spyware:
     • Smartphones have features like cameras, microphones and GPS tracking. Several apps allow these features to be activated remotely without the user’s knowledge.
  2. Mobile botnets / relays:
     • Smartphones with powerful 2G/3G/4G connections can be used as nodes and relays in a botnet. These can be used to generate spam or launch distributed denial of service (DDoS) attacks.
  3. Stealing of personal information:
     • Theft of information like contacts, SMSs and media files is widespread, especially on open platforms. A huge market exists for such databases.
  4. Identity theft:
     • This involves spoofing a phone’s parameters and details. With phones being used as a factor for authentication, this can have serious repercussions. India has already seen such cases.
  5. Mobile pick-pocketing:
     • Malware and apps indulge in petty financial fraud such as the generation of premium SMSs and premium phone calls without user intervention or approval.

MOBILE APPLICATION ATTACK VECTORS

  1. Drive-by downloads:
     • This is a recent development in the mobile space, where accessing infected sites results in malicious apps being installed without user knowledge. Android provides controls to prevent automated downloads.
  2. Apps from untrusted sources:
     • Approved application stores are the best source of legitimate apps. Users take grave risks in installing apps whose provenance is unknown, via SD cards, third-party application stores or even as email attachments.
  3. App repackaging:
     • This is a significant problem in the Android space. Rogue developers repackage legitimate apps with malware. Users may still get the functionality of the original app and be unaware of the background malicious activity.
  4. Operating system/device vulnerabilities:
     • OS/device firmware vulnerabilities are often exploited by rogue developers while compromising devices. To avoid such threats, use updated antivirus packages and ensure that devices are updated with all relevant OS and firmware updates.
  5. Jailbroken/rooted devices:
     • Bypassing OS control gives unrestricted access to all aspects and features on the device. This is a double-edged sword. Users should be aware that the process of jailbreaking, along with websites that offer this service, provides easy conduits to plant malware on phones with sensitive data.
  6. App vulnerabilities:
     • Secure application development for mobile platforms is still immature. Insecure coding can lead to apps acting as a conduit through which malware and attackers gain control of your device.
     • The best protection is to install a good security solution. Reputed developers ensure that their apps undergo multiple levels of testing before release to minimize chances of compromise.