The Mobile Threats Lurking In Our Applications
Vivien Raoul, Pradeo co-founder & CTO, urges enterprises to consider the mobile threats that arise from applications and shares insights from Pradeo’s 2018 Mobile Threat Landscape Report.
Last year, mobile applications were the target of choice for cybercriminals, with 86% of mobile threats using them as an attack vector. To get an accurate overview of mobile threats, it’s interesting to observe how mobile applications can jeopardize data privacy. A mobile application can threaten users in two different ways:
- By performing malicious or unwanted actions: in this case, the nature of the app is compromised. Hidden behind a front (game, tool…), the app’s purpose is to steal sensitive data.
- By being vulnerable to attacks: this occurs when an app is developed with security flaws that hackers can exploit to access private data.
Pradeo’s researchers recently published a report on the mobile threats currently facing enterprises, with a focus on data privacy violations, malware and Open Web Application Security Project (OWASP) vulnerabilities related to mobile apps. This article features some of our findings.
Data privacy violations, the biggest mobile threat
Far ahead of network exploits, OS manipulations and malware, data privacy violation is the main threat our mobile data is exposed to, with 61% of Android mobile applications and 36% of iOS mobile applications sending data through remote servers. Most of the time, data is sent by libraries included in mobile applications for tracking and marketing purposes. However, Pradeo identified that 16.8% of applications establish connections to uncertified suspicious servers. Discover what data is sent to the network in the full report.
Health and bank data are a privileged target
The Pradeo lab observed a jump in overlay malware among zero-day threats in the last 6 months.
Overlay malware is designed to mimic legitimate applications to harvest credentials. It tricks users into entering sensitive data in a fake window, then collects that data and forwards it to a remote attacker. 83% of this malware targets bank and health apps, industries where data theft is predicted to grow.
OWASP vulnerabilities, the cost of negligence
Every month, thousands of mobile applications are released, and the number of apps available on popular marketplaces or stores is currently estimated to be over 4 million. In a recent study, the Ponemon Institute identified that only 29% of mobile applications are being tested for flaws. The lack of security measures during the app development life cycle results in 31% of mobile applications hosting OWASP vulnerabilities, exposing them to Man-In-The-Middle attacks, data leakage, denial of service, and more.
VMware Workspace ONE and Pradeo MTD can help with end-to-end protection of mobile endpoints
Pradeo Security Mobile Threat Defense integrates with Workspace ONE to identify and block threats on users’ devices. Non-compliant devices and applications are automatically synchronized on the Workspace ONE platform to reduce risk of mobile threats and provide a complete view. Learn more about the integration here.
As a member of the VMware Mobile Security Alliance, Pradeo helps companies meet end-to-end mobile security requirements. Pradeo provides a set of solutions, including mobile endpoint security, runtime application self-protection and mobile application security testing, to identify security flaws, set a robust security framework and automatically prevent attacks. Pradeo’s next-generation technology, recognized by Gartner for the fourth consecutive year, provides reliable threat detection thanks to its patented artificial intelligence process.
Pradeo’s Mobile Threat Landscape report is based on a sample of 2 million Android and iOS mobile applications, analyzed by Pradeo’s Artificial Intelligence engine. Get more details about the mobile threat environment currently surrounding us in the full report.
About the Author
Since 2008, Vivien Raoul, Pradeo’s co-founder and chief technical officer, has committed himself to creating a next-generation technology that provides reliable mobile device threat detection and master applications. Pradeo Security solution is the result of several years of research and development and takes mobile security to the next level.