Vulnerabilities, Threats and Attack Scenarios of Mobile Applications.…
Vulnerabilities, Threats and Attack Scenarios of Mobile Applications.
MOBILE APPLICATION VULNERABILITIES
Mobile devices are the subject of many security discussions, but it's often mobile applications that serve
as attack vectors.
Bad data storage practices, malware, sideloading and lack of encryption all contribute to mobile
MOBILE APPLICATION THREATS SCENARIOS
Smartphones have features like cameras, microphones and GPS tracking. Several apps allow these features to be activated remotely without the user’s knowledge.
Mobile botnets / relays:
Smartphones with powerful 2G/3G/4G connections can be used as nodes and relays in a botnet. These can be used to generate spam or launch distributed denial of service (DDoS) attacks.
. Stealing of personal information:
Theft of information like contacts, SMSs and media files is widespread, especially on open platforms. A huge market exists for such databases.
This involves spoofing a phone’s parameters and details. With phones being used as a factor for authentication, this can have serious repercussions. India has already seen such cases.
Malware and apps indulge in petty financial fraud such as the generation of premium SMSs and premium phone-calls without user intervention or approval.
MOBILE APPLICATION ATTACK VECTOR
:star: This is a recent development in the mobile space, where accessing infected sites results in malicious apps being installed without user knowledge. Android provides controls to prevent automated downloads.
Apps from untrusted sources:
:star: Approved application stores are the best source of legitimate apps. Users take grave risks in installing apps whose provenance is unknown, via SD cards, third-party application stores or even as email attachments.
:star:This is a significant problem in the Android space. Rogue developers repackage legitimate apps with malware. Users may still get the functionality of the original app and be unaware of the background malicious activity.
Operating system/device vulnerabilities:
:star: OS/device firmware vulnerabilities are often exploited by rogue developers while compromising
devices. To avoid such threats, use updated antivirus packages and ensure that devices are updated with all relevant OS and firmware updates.
:star: Bypassing OS control gives unrestricted access to all aspects and features on the device. This is a double-edged sword. Users should be aware that the process of Jailbreaking, along with websites that offer this service provide easy conduits to plant malware on phones with sensitive data.
:star: Secure application development for mobile platforms is still immature. Insecure coding can lead
to apps acting as a conduit through which malware and attackers gain control of your device.
:star: The best protection is to install a good security solution. Reputed developers ensure that their
apps undergo multiple levels of testing before release to minimize chances of compromise.