TMCnet News

Apps more dangerous than human leakers [New Straits Time (Malaysia)]
[January 19, 2014]

Apps more dangerous than human leakers [New Straits Time (Malaysia)]


(New Straits Time (Malaysia) Via Acquire Media NewsEdge) WHILE recent headlines have focused on the leaks by Edward Snowden and United States soldier Private Bradley Manning, the threats from lower profile "mobile pickpockets" who prey on smartphones and tablets may be as dangerous to corporations, telcos and even governments.



Now exiled in Russia, Snowden, a former analyst for the US National Security Agency, disclosed top secret information about the US government's mass surveillance programmes to the media. Manning has been jailed for disclosing military and diplomatic intelligence to WikiLeaks.

However, more insidious threats to enterprises - often emanating from generally accepted global trends to promote office productivity - may generate less media publicity but are a greater threat to financial security or the reputation of enterprises.


First, as more Generation Y executives rely on their own devices, such as laptops and smartphones, at work, an organisation's confidential information is at risk of being disclosed.

"Bring Your Own Device" or BYOD is increasingly a workplace norm as organisations seek to retain younger staff. And as organisations shift towards cloud computing, the ease of linking up various devices is difficult to argue against. However, BYOD has also opened up opportunities for cyber thieves to "phish" for information on the cloud's server, instead of the traditional platform such as personal computers.

The servers reside within the Internet service providers (ISP) that may often have lax controls, allowing hackers to penetrate them without being detected.

Secondly, as there is growing adoption of apps in smartphones and tablets - including for use by enterprises - cyber terrorists can now make use of this platform to commit crime.

A more ominous threat is the increasing popularity of smartphones and tablets apps. Cyber pickpocketing is now scalable through apps, available for download, as worldwide smartphone sales, according to technology analysts International Data Corporation, are expected to rise rapidly over the next few years, reaching 1.7 billion by 2017.

Indeed, well away from the headlines, such app-based phishing and malware are a far more ominous and prevalent form of cyber theft. The individual amounts pilfered are insignificant and the theft can go on undetected for months or even years. This has indirectly granted mobile hackers impunity.

Compounding this problem is the recent rush by telcos worldwide to set up their own app stores. Amid falling voice and data average revenue per user rates, telcos are turning to apps to drive mobile- based revenue.

Their haste to set up such stores without proper security invites cybercriminals to create malicious apps with a veneer of legitimacy.

In helping app store owners to set up cyber-defences, Tech Mahindra found iOS to be robust, in preventing potential hacking or phishing. The hackers' strategies often revolve around inserting malicious code into legitimate apps, without invalidating their digital signatures - they look like legitimate apps.

One simple solution is to have apps scanned before they are hosted in app stores. This can be done via a centralised hub that monitors and manages an organisation's security status. Here, an aggregation and management tool translates findings into assessments for review and testing. Once an app is suspected of malicious activity, it is immediately sent back to developers to be fixed.

Cybercriminals have become stealthier than ever, with a German hacking team cracking the iPhone 5S highlight feature - fingerprint recognition - only days after its release. This is attributed to the lack of control by system regulators.

Take BYOD for example. Password and fingerprint authentication may have been implemented to safeguard corporate and personal information, but many organisations do not feel the need for stronger authentication.

Many such organisations also underestimate the importance of tracking and inserting central control over employees' devices, thus, leaving a chasm for cybercriminals.

Organisations should realise that having a technological defence system against cyber criminals is merely a hygiene factor.

While such defences must be in place to safeguard sensitive corporate information, organisations should not overlook the regulation of the use of personal devices in the workplace.

In the high-stakes cat and mouse game enterprises have to engage with cyber rogues, the defence system has to combine simple tools to counter the elusive mobile pickpocket, implement basic procedures to identify online assets and remain alert to the possibility that a disgruntled worker may engage in insider theft to destroy or embarrass his employer.

(c) 2014 ProQuest Information and Learning Company; All Rights Reserved.

[ Back To TMCnet.com's Homepage ]