Editorial content organized by topic
Sponsored content from industry partners
PRODUCT/CONTRACT ANNOUNCEMENTS
Latest offerings by category 
Articles submitted by industry partners

 
Mobile apps found vulnerable and apt to leak information E-mail

August 16, 2011

A new study shows that many mobile applications leak personal information and that mobile devices may be as vulnerable to drive-by downloads as PCs, according to a report by Dasient Inc., a provider of anti-malware solutions.

“Our research indicates that mobile devices and applications are subject to a number of security considerations that may cause them to leak personal data, or expose users to infection via malicious drive-bys,” said Neil Daswani, Dasient’s cofounder and chief technology officer. “These issues need to be recognized immediately, both by those who write mobile applications and by the people who use them.”

Some of the key findings of Dasient’s research include:

842 of the 10,000 apps analyzed from Google’s Android marketplace were leaking private information. The apps transmitted International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers to remote servers, potentially exposing this personally identifying information to compromise.

The leaks occurred most frequently when application developers used IMEIs as user IDs, enabling unrelated applications to compare notes on user behavior, and clone users’ phones.

Hashing IMEI numbers to protect privacy does not protect user privacy. While some mobile application developers seek to protect the personal IMEI data via cryptographic hashing, the Dasient security team found that the hashing techniques used on IMEI were relatively easy to circumvent.

Mobile drive-by attacks can become a very real and new threat vector for malware distributors. While drive-bys on desktop PCs on the web are very common, the ability to conduct mobile drive-by attacks is a new, and potentially attractive, method of deployment for malware distributors.

“Mobile devices and applications are becoming a more popular platform for malware creation and distribution,” Daswani concluded. “It’s likely that we are on the threshold of another new wave of malicious attacks, and the time to start preparing is now.”

Access the full report at http://www.dasient.com/mobile-malware-madness/ (Requires registration.)
Set as favorite
Bookmark
Email This
Trackback(0)
Comments (0)add comment

Write comment
quote
bold
italicize
underline
strike
url
image
quote
quote
smile
wink
laugh
grin
angry
sad
shocked
cool
tongue
kiss
cry
smaller | bigger

security image
Write the displayed characters


busy
 
[ Back ]

techglobe.jpg TechTopics Plus
blogs1.jpg
ABA BANK DIRECTORS BRIEFING
ABA Bank Directors Briefing For the director who wants to stay on top of the job

ABA Bank Directors Briefing
podcast_icon30.jpg PODCASTS & WEBINARS