Hong Kong pro-democracy protesters are the target of a new mobile malware attack according to news reports. The attack is not actually being carried out through a “bad iOS app” though. In fact, it runs a script within Cydia (a 3rd party “AppStore” app that can only reside in jailbroken devices.) The cross platform nature of the attack shows that the attackers wanted to maximize their attack coverage by targeting users of both of the primary mobile OS out there (Android and iOS). In its own way, it’s also another sign of the massive shift toward mobile computing as users spend more and more time on their mobile devices rather than their desktops and laptops so it makes sense that attacks also shift to those platforms.
For the enterprise, the attack further highlights the dangers of jailbreaking, and the importance of having jailbreak detection as part of any corporation’s mobile security strategy.
On another note, as of this week, the FBI has joined the mobile app security world. According to media outlets the FBI has arrested a a man in the US for allegedly selling StealthGenie spyware online. After hearing about what this app can do, you’ll understand why FBI officials got involved.
This app is able to monitor calls, texts, videos, and other communications via mobile phones without being detected or needing the user’s consent. This includes recording calls, activating the phone to monitor surrounding conversations within 15 feet, and essentially illegally gaining access to the phone’s DNA.
Although most advertising for the app is aimed at unfaithful spouses or partners, this poses a real threat to enterprises who could be completely oblivious of users who may have downloaded this threatening app onto their phone.
Thankfully for the enterprise, Appthority’s Mobile App Risk Management Service can help catch these types of risky apps before they are able to exploit sensitive data. Additionally the FBI has ruled this a federal crime and the hosting website StealthGenie has been temporarily disabled under a restraining order.
In other lighter news, our very own CEO Paul Stich shared his insight on Appthority, mobile security and careers with Randi Yagi of CBS San Francisco about Appthority and mobile security in general. With recent security breaches of major retailers like Target and Home Depot, top notch security experts are in high demand. Paul discussed his background with CBS including his education, first job, and some other work down the road that led him to Appthority. He touches on the importance of the analysis that Appthority does as the leading app risk management service and the difficulties companies face as they balance enabling mobile productivity while still mitigating the risk.
Paul also gives some great advice for young people interested in a career in mobile app risk. Check it out.
Thoughts or comments about risky enterprise apps? Reach the Appthority team on Twitter at @Appthority.