VULNERABILITIES ,THREATS & ATTACKS SCENARIO OF MOBILE APPLICATION

Attack Vector

1.Jailbroken/rooted devices:

Bypassing OS control gives unrestricted access to all aspects and features on the device.
websites that offer this service provide easy conduits to plant malware on phones with sensitive data.

  1. App repackaging:

. Rogue developers repackage legitimate apps with malware.
embedded malware can initiate activities to send out premium SMSes, uninstall antivirus solutions and access sensitive content.

3.Drive-by downloads:

, where accessing infected sites results in malicious apps being installed without user knowledge.

4.Apps from untrusted sources:

installing apps whose provenance is unknown, via SD cards, third-party application stores or even as email attachments.

5.Operating system/device vulnerabilities

OS/device firmware vulnerabilities are often exploited by rogue developers while compromising devices.

6.App vulnerabilities:

Insecure coding can lead to apps acting as a conduit through which malware and attackers gain control of your device.

Vulnerabilities

Bad data storage practices

Malware

Sideloading and lack of encryption all contribute to mobile application vulnerabilities

Threats Scenario

  1. Mobile pick-pocketing:  
    
    Malware and apps indulge in petty financial fraud such as the generation of premium SMSs and premium phone-calls without user intervention or approval.
  1. Stealing of personal information:  
    
    Theft of information like contacts, SMSs and media files is widespread, especially on open platforms.
  1. Spyware:  
    
    Smartphones have features like cameras, microphones and GPS tracking. Several apps allow these features to be activated remotely without the user’s knowledge.
  1. Identity theft:  
    
    This involves spoofing a phone’s parameters and details.
  1. Mobile botnets / relays:  
    
    Smartphones with powerful 2G/3G/4G connections can be used as nodes and relays in a botnet.