Consumers may associate hacks and security breaches with the PC, but thanks to the massive growth of smartphones and tablets in the past few years, cybercriminals turn attention to the budding platform, looking for new ways to extract personal identification and credit card information from unsuspecting users.

Although mobile security makes headlines every day — with harrowing statistics, such as the fact that approximately 40% of U.S. mobile users will click on an unsafe link this year — the biggest trend in mobile vulnerability is related to apps.

“While mobile hacks can happen in any number of ways, one of the most common access points is through insecure apps,” Zach Lanier, researcher at Veracode, told Mashable. “People should be concerned about what information the apps they install have access to and what gets shared on a regular basis. Users should also be more wary of which free Wi-Fi hubs they’re connecting to, as most users don’t think twice about connecting to any free and open wireless network.”

For example, about 100,000 Android apps — of the 650,000 total apps in Google Play — were recently considered “suspicious” or “questionable,” according to research conducted by security software firm Bit9. Although not all of the apps were deemed malicious, they performed questionable tasks and have access to private information, which present a risk to enterprises.

“With mobile gadget growth projected to triple by 2015, there’s no reason to believe mobile hacks will do anything but follow that trend,” Lainer says. “Android is particularly more susceptible to attacks, and its apps market has been in the spotlight recently for a lack of any type of security standards protecting its users.”

Of the 6 million people affected by Android malware from June 2011 to June 2012, most of which were affected by toll fraud applications. This is when an unsuspecting victim is billed through premium SMS services such as wallpaper subscriptions, and this type of fraud makes up 62% of all threats found on mobile apps, according to Lookout’s 2012 State of Mobile Security Report.

It also noted that the majority of Android app threats come from third-party app markets and are typically not found in the official Android market. In addition, studies show geography has lot to do with whether your mobile device has been hit by malware or spyware. In fact, the likelihood of coming across mobile malware is the highest in Russia (41%), compared to 5% in the Unites States.

This is largely attributed to mobile behavior endemic to certain regions, such as clicking on suspicious links and downloading untrustworthy apps. In Russia, the lax regulatory practices are encouraging the trend, allowing certain locations to be more lucrative for cybercriminals to spread malware.

“Cybercriminals do take advantage of the way you use these devices to trick you into opening risky emails and web pages, or accidentally downloading a malicious file,” says Robert Siciliano, an online security and identity theft expert for McAfee. “For example, they know that the small screen space on many devices makes it harder to check for telltale signs that an email or webpage is phony.”

Melissa Thompson, tech expert and CEO of startup TalkSession, believes it’s also become easier for hackers to meet virtually on the web to discuss strategies.

“There has been a consistent growth in the number of conversations and members in ‘hacker forums,'” Thompson said. “Also, many international and niche hacking sites have popped up. As more people utilize more mobile devices, there will be more mobile hacking issues in the future, but hopefully more security dollars will be spent on mobile security.”

The good news is that, similar to how consumers use firewall protection and anti-malware defense to prevent PC attacks, there are ways to protect your mobile device.

“Before you allow hackers to use your mobile device as the gateway to your online identity, or the devices of those in your network, make sure you are using a mobile protection solution that defends against the aforementioned hacks and helps you understand the risky behaviors associated with apps,” Siciliano says.

Read the whole article here –
http://mashable.com/2012/11/12/mobile-hackers-app-security/

Advertisements