
Monday, November 5, 2012

TechNewsWorld: Study: Google Play Apps Go Beyond Need-to-Know


By John P. Mello Jr. TechNewsWorld 11/05/12 5:00 AM PT

More than a quarter of the apps on Google Play ask for permission to access information that isn't critical to their performance. For example, why would a wallpaper app need your GPS position? "The model for many of these applications is get as many permissions as you can get and then figure out what you're doing later," said Bit9 CTO Harry Sverdlove.

An analysis of more than 400,000 apps in the Google Play store has revealed that more than 100,000 of them pose a potential security risk to their users.

The analysis of the Android apps released last week by cyber security vendor Bit9 examined the security permissions requested by the programs. It found that 72 percent of the 412,000 programs examined used at least one potentially risky permission -- GPS location data, phone calls or numbers, information on contacts and such.

"We're not saying the apps are carrying viruses or malware, but they do things or have access to things that are questionable for the app that they are," Bit9 CTO Harry Sverdlove told TechNewsWorld.

For example, one wallpaper app in the analysis asks for permission to access a phone's GPS data. Why does the wallpaper app need access to that information?

"The model for many of these applications is get as many permissions as you can get and then figure out what you're doing later," Sverdlove said.

Bit9 also conducted a survey of IT decision-makers about mobile policies within their organizations, which all told had more than 400,000 employees. It found that 71 percent of the businesses allowed employees to bring their own mobile device to work, but only 24 percent had deployed any applications to manage and control those devices. That indicates, the report said, that convenience, and not security, drives the growing BYOD trend in corporations.

Cybercrime Barriers Lowered

Cybercrime isn't a hobby anymore. That was evident in a report released last week by Trend Micro on the cyberunderground.

"The most surprising thing about that report is that it details the maturity and the extent of the cyber crime market," said Rik Ferguson, director of security research at Trend Micro.

A niche market has developed around the tools and services of cybercrime. "With this fragmentation, the market has become compartmentalized," he told TechNewsWorld. "Individual vendors can create software, find exploits, offer services, like VPN or bulletproof hosting."

Not only has the sale of tools and services become fragmented, but so have the players. "Smaller groups, smaller cells, are doing it now rather than big criminal organizations," he said.

One of the reasons for that is that the barriers to entry for cybercrime have been lowered over the years. "It takes less knowledge and it takes less money to get up and running and off the ground in the world of cybercrime," Ferguson said.

Phishing's Future

Phishing -- a form of spam that tries to pry personal information from a target or detour them to a malicious website -- has greatly evolved over the last 10 years. It's losing its shotgun spam qualities and becoming more refined through spear phishing.

"With spear phishing, you know something about the target," ESET security analyst Stephen Cobb explained. "That acts as a multiplier of the deception factor."

If a target receives a message from a mass phishing campaign aimed at the customers of a bank they have no accounts with, they would probably just delete the missive. On the other hand, if the target is a defense contractor and they receive an email with an attachment with "defense" in its filename, the target's name on the "to:" line and a known associate's name on the "from:" line, the message will have a measure of credibility with the target.

"If your phishing message contains something that your target is interested in, then it's more effective and you have a greater probability of succeeding," Cobb told TechNewsWorld.

Data Breach Diary
