VULNERABILITIES ,THREATS & ATTACKS SCENARIO OF MOBILE APPLICATION
Attack Vector
1.Jailbroken/rooted devices:
Bypassing OS control gives unrestricted access to all aspects and features on the device.
websites that offer this service provide easy conduits to plant malware on phones with sensitive data.
- App repackaging:
. Rogue developers repackage legitimate apps with malware.
embedded malware can initiate activities to send out premium SMSes, uninstall antivirus solutions and access sensitive content.
3.Drive-by downloads:
, where accessing infected sites results in malicious apps being installed without user knowledge.
4.Apps from untrusted sources:
installing apps whose provenance is unknown, via SD cards, third-party application stores or even as email attachments.
5.Operating system/device vulnerabilities
OS/device firmware vulnerabilities are often exploited by rogue developers while compromising devices.
6.App vulnerabilities:
Insecure coding can lead to apps acting as a conduit through which malware and attackers gain control of your device.
Vulnerabilities
Bad data storage practices
Malware
Sideloading and lack of encryption all contribute to mobile application vulnerabilities
Threats Scenario
Malware and apps indulge in petty financial fraud such as the generation of premium SMSs and premium phone-calls without user intervention or approval.Mobile pick-pocketing:
Theft of information like contacts, SMSs and media files is widespread, especially on open platforms.Stealing of personal information:
Smartphones have features like cameras, microphones and GPS tracking. Several apps allow these features to be activated remotely without the user’s knowledge.Spyware:
This involves spoofing a phone’s parameters and details.Identity theft:
Smartphones with powerful 2G/3G/4G connections can be used as nodes and relays in a botnet.Mobile botnets / relays: