Mobile app hacking has risen drastically over the last couple of years. It's become one of the most preferred vehicles of exploitation that hackers use. In this article, we take a look at some statistics from industry experts that give us a sense of the reality these threats pose.
RSA’s recent report stated that smartphones are quickly becoming one of the main channels for hackers. Fraud from mobile browsers and apps accounts for more than 71 percent of all illegal transactions.
This study also found that nearly 10,000 rogue apps were responsible for 28 percent of all attacks.
Despite these alarming statistics, most businesses, and even most corporate executives, still don’t take basic security precautions. Another report, released by Intertrust in early 2016, stated that the cost of mobile app hacks and breaches will reach $1.5 billion by 2021, and we’re slowly inching towards that number.
We’ve noticed that mobile device security often gets less attention than security for network systems or even laptop computers. The same report states that $34 million is spent annually on mobile app development while only $2 million is spent on app security. This reinforces the ancient wisdom that the money spent on security is never enough until there is an incident (just like insurance)… and then when it strikes, you wish you had taken it more seriously.
There are multiple ways our smartphones and mobile apps can make us vulnerable. For example, many people use two-factor authentication, thinking of it as a measure banks provide that makes us feel safer. But the hard truth is that even this code is accessible to hackers who exploit some common mobile vulnerabilities.
Another tactic that is becoming popular in today’s app world is inserting malicious code into free versions of popular apps. Users often can’t tell the difference between legitimate and illegitimate apps. Once you’ve downloaded the app (for example, antivirus software), the hackers will ask you to spend money to get rid of viruses it found inside your phone. If you refuse, the app can completely disable your phone until you pay up. Think of it as a Trojan horse. Once you realize what’s going on, it’s already too late.
In another recent report, McAfee said that a rise in “hacktivism” from groups like Lulz Security, or LulzSec, and Anonymous helped drive a drastic increase in online attacks. McAfee also found that Google Android is now the mobile platform most targeted by hackers.
LulzSec has been known to cause havoc online with the hope of bringing turmoil to the Web, mostly for fun rather than for monetary gain. Although some suspected members of LulzSec have been arrested by police, new threats have emerged from hackers who are targeting Android users.
“There is malware ending up on Android phones that is coming out of China and is being used to steal the identity of Android users,” said Dave Marcus, director of security research at McAfee Labs, in a phone interview. “Once hackers take control of an Android device, they have access to any kind of information on there including personal data, GPS logs and carrier and billing code information.”
McAfee also stated that Android was previously the third most targeted mobile device by hackers but is now No. 1 — not a reputation Google will likely be proud of. Google, however, did not respond to a request for comment about the McAfee report.
Marcus added that Android users have become the top target for malware developers because Google does not use a vetting process to monitor the distribution of new mobile apps. Anyone can share an app on the Google Marketplace, including hackers who hide malware inside free mobile software and games. In comparison, Apple monitors and approves each application it allows into the iTunes App Store, though this does not mean the App Store is entirely secure.
Attacks via mobile phones will only continue to grow, as we've observed over the last few years. Cybercriminals are not likely to stop any time soon because this seems to be working too well for them at the moment.
Applications aren’t the only things that can compromise your device. Hackers have three options for attacking a mobile device:
1. The device itself
2. The network it connects to
3. The applications it downloads
And many of us are at an unreasonable level of risk of attack. To put this in perspective, over the past year, Zimperium's customers detected hundreds of thousands of threats. They discovered that 94 percent of Android devices were not running the latest software version available, and about a quarter (23 percent) of iOS devices were not running the latest software version. They also found that about 10 percent of all devices were attacked via their network connections (MiTM, SSL certs, etc.), which is a significant risk for companies with thousands of employees.
Companies like BlackBerry, Microsoft, MobileIron, and AirWatch have worked hard to create secure containers so that developers can create secure apps. They work hard to encrypt data on the mobile disk and in its network communication, but the same issue still applies. If the container is safe but sits on a platform that has been compromised, there’s no security at that point. The common analogy I use for this is putting up great walls on a shoddy foundation: if your phone’s operating system (OS) is compromised, it doesn’t matter how safe the app is.
Hackers have significantly increased their attacks through mobile browsers and apps since 2015. RSA found that attacks through apps have grown from only 7 percent of all hacking attempts in 2015 to a whopping 40 percent of all attacks now. Attacks through the web and mobile browsers have fallen as hackers prioritize apps in their attempts to breach systems and steal information.
The reality at the end of the day is that we’re living in an increasingly connected world, and we still see that businesses haven’t yet set up the necessary security measures to keep up with this change. As a result, mobile devices and the apps that thrive within them will continue to be the channel of choice for cybercriminals to wreak havoc.