Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Are Mobile Apps the Enemy?


Published on

Over 5 billion app downloads are vulnerable to remote attacks. See how FireEye analyzes the numbers, and learn what you can do to identify and manage harmful mobile apps. Visit for more information.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Are Mobile Apps the Enemy?

  1. 1. iOS: the next frontier for cyber criminals iOS apps may not be as secure as you think The risks of public apps Apple Developer Enterprise Program has been abused to create malicious EnPublic iOS apps More than 80%Attackers can use undocumented or private APIs within EnPublic apps Android apps designed to steal financial data rose exponentially in 2013 (up from 260 prior to that year) The 2014 Masque attack Discovered by FireEye, the attack targeted jailbroken and non-jailbroken iOS devices. The vulnerability allowed for malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing. New iOS vulnerabilities include Universal Cross Site Scripting (UXSS) and SSL/TLS misuse of the EnPublic apps were found to use private APIs New strains of malware and zero-day exploits can target non-jailbroken iOS devices through trusted USB connections and over-the-air delivery 1,300 Freely available public apps are not subject to Apple's strict review process. of time spent on mobile devices in 2014 involved app usage 86% EnPublic iOS apps are currently available for download online 1,400 of popular Android apps on Google Play are vulnerable to JavaScript-Binding-Over- HTTP (JBOH) 31% 80% UXSS AreMobileApps theEnemy? FireEye researchers analyzed 7 million Android and iOS apps. Here's what they found. Many consumer Android apps have vulnerabilities and poor security safeguards. FireEye found more than 5 billion downloaded Android apps vulnerable to remote attacks. The riskiest vulnerability may be JavaScript-Binding-Over-HTTP (JBOH). Aggressive Android adware collects detailed user information, including: Age Household Income Ethnicity Gender Interests GPS Location Name Email Address Device ID of malware targets Android devices and apps 96% FindouthowFireEyecanhelpidentifyand managepotentiallyharmfulapps © 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. INFO.MA.EN.US112015