Mobile Security Diary

Mobile Security Diary

FROM THE EDITORS AT CYBERSECURITY VENTURES

Q3 2017

The Mobile Security Diary — sponsored by Telos Corporation — provides chief information security officers (CISOs) and IT security teams, and mobile device users, with a quarterly diary of noteworthy mobile and wi-fi security activity.

FIRST EDITION

Dateline of mobile and wi-fi security hacks and breaches

Senior IT executives fearful and unprepared for mobile attacks

kacyzurkusbwKacy Zurkus

Menlo Park, Calif. – Oct. 1, 2017

The ever changing threat landscape created by the explosion of mobile devices has eradicated the traditional defenses of protecting the perimeter. Today’s invisible perimeter is changing the game of enterprise security because practitioners can’t defend what they can’t see.

Whether its security payments or the extended network, security professionals are challenged by the lack of visibility with mobile devices. Many organizations are partnering together to offer integrated enterprise mobility platforms that offer enhanced security tools.

“Cyber threats facing individuals and organizations have profoundly changed how business is conducted,” said Tom Badders, senior secure mobility product manager, Telos Corporation. “Any industry that requires sharing of sensitive information – from commercial business and federal agencies, to the military and intelligence community – must take the security of their mobile communications seriously.”

grayfooterline


grayfooterline

MOBILE HACKS

September

Sep. 30. Officials decree a complete shut down of mobile phone services in Karachi, an area of Pakistan targeted by terrorists. Fears of attacks on Muharram processions are heightened, leading the Sindh home minister to suspend services.

Sep. 29. As thousands of people try to recover and rebuild in the aftermath of Hurricane Maria, mobile blackouts have left people unable to connect with family and gain access to critical services.

Sep. 29. For a mobile wallet company, the potential for threats demands more attention to mobile security, but few at MobiKwik—an Indian mobile wallet company—expected a technology glitch to result in a $2.9 million loss. Somehow the glitch caused withdrawals from their own account rather than from the accounts of customers.

Sep. 28. An alarming lesson learned from the large scale ransomware attacks is that most businesses are not prepared for a large scale mobile attack because of the challenge of staying current on mobile security tools.

Sep. 27. Changes that would advance Microsoft’s mobile positioning continue to come and go, but the new Andromeda OS might be a successful platform that turns the Windows 10 Mobile into a legacy system that is only serviced with bug fixes and security updates through 2018.

Sep. 26. Whether it’s lost or damaged devices or social media scams, smartphones make users susceptible to attacks from cybercriminals. Everyone needs to know why mobile security matters.

grayfooterlineRELATED: When confidentiality and security are of the utmost importance, turn to Telos Ghost
grayfooterline

Sep. 25. The convenience of connecting credit cards to mobile wallet apps is enticing, but don’t wait until a hacker gains access to your Starbuck’s account and spends a couple thousand dollars on lattes across the country to learn about mobile security.

Sep. 22. The Android Oreo, Google’s new operating system, delivers stronger mobile security, which experts are calling a huge milestone for Google.

Sep. 22. Many consumers are uncomfortable with the idea of biometrics, particularly with the use of facial recognition for authentication. As the market grows, security of transactions remains a concern for nearly a third of the people who have yet to test the waters with mobile payments.

Sep. 19. Finding the right balance between increased productivity and enterprise security is a challenge, largely because of the increased number of mobile users and devices. To avoid mobile malware, security professionals need to know who their users are and limit what they can access.

Sep. 17. Though the mobile security market is burgeoning, one company, NQ Mobile Inc. is coming up short. Surprisingly, the company is a provider of mobile internet services including game publishing, advertising, entertainment, and security platforms.

Sep. 12. It’s true there is no silver bullet in security, but there are some solutions that you want to avoid. Opera VPN is a mobile security solution that may not deliver on its promises of security.

Sep. 10. In addition to worrying about attacks from criminals, Australians might also have to protect their mobile devices against the federal government. New phone-hacking technologies will allow the government to use what they call modern investigative techniques.

Sep. 8. Samsung goes on a hunt to find researchers to test their software and hardware for security issues. With 38 devices, there is a lot of opportunity to make money in strengthening Samsung’s mobile security.

Sep. 5. When employees don’t know and understand current and emerging threats to the mobile landscape, they are less inclined to change their behaviors. Business leaders need to focus on education to help mitigate risks.

August

Aug. 29. In the age of data mining and data hoarding, concerns over privacy are mounting, particularly with third-party apps. When software developers aren’t building security into their products, mobile security can’t exist.

Aug. 26. Hotels across Europe fell victim to cyber attacks during the height of summer holiday. Many were warned to increase security measures to protect their mobile devices while traveling.

Aug. 25. Enterprise Mobility Management (EMM) platforms are not adequately addressing what has always been the weakest link in security—human beings. Despite the technology that is designed to deliver mobile security solutions, employees are tentative to install them.

Aug. 21. An advertising software development kit slipped through the vetting cracks in more than 500 mobile apps in the Google Play store. The spyware functionality was only delivered if the SDK administrator initiated a download, which was not the case on all of the apps.

Aug. 17. With HIPAA regulations always at the forefront of healthcare IT, choosing the best mobile tools and delivering mobile security is an uphill battle for hospitals that are trying to use technology to deliver better and more efficient care to patients.

Aug. 15. Intra-library collusion is a type of attack that can turn Android devices against themselves through app communications. When popular libraries are used across many apps on a single device, the apps can steal personal data.

grayfooterlineRELATED: Secure cloud mobility: secure access everywhere you need it
grayfooterline

Aug. 15. Mobile devices need to be accessed by first responders during emergency situations, and the Department of Homeland Security is ready to invest their money in making sure that happens.

Aug. 14. Mobile fraud isn’t only growing in frequency but also in cost. It’s estimated the cost of mobile payment frauds will be more than $25 billions dollars by 2020.

Aug. 12. According to Lookout, a mobile security firm, Mobile devices, specifically those running on Android with apps from Google play, were turned into spying devices until Google removed the ‘SonicSpy’ spyware from its store.  

Aug. 10. Though many have long believed the iOS to be more secure than the Android operating system, there isn’t a lot of evidence to support that belief. Computerworld, executive director, Ken Mingis looks at the mobile security of both systems and offers his advice on evaluating each.

Aug. 8. Computer Science professor at Northeastern, shares concerns for the security of mobile devices. With the goal of improving mobile security, the professor organized the 2017 Conference of Security and Privacy in Wireless and Mobile Networks.

Aug. 3. The IoT security market is expected to explode, and Symantec Corp. is only starting to reap the benefits. Earlier this year they acquired an Israeli mobile security firm, and now they have sold its website security business for nearly $1bn.

Aug. 2. The iris biometric security template may come to market faster than anticipated now that Qualcomm has integrate its technology into the Snapdragon security platform for mobile devices.

Aug. 2. Mobile telecom systems are a steadily growing attack vector, even with two factor authentication. Cybercriminals have successfully exploited flaws in the standing signaling system 7 (SS7), the heart of international mobile communication.

Aug. 1. Despite the growing threats specific to mobile security, businesses remain unprepared for an attack. Nearly half of all IT decisions makers in a Webroot survey confessed that they are most fearful of a mobile attack.

July

Jul. 29. Hackers test mobile security at the Defcon and Black Hat conferences, listing the names of their victims on the renowned “Wall of Sheep.”

Jul. 27. If you think that mobile device companies baked security into their development and production plans, you are sadly mistaken. As the market continues to grow, consumers and enterprises alike need to be mindful of mobile security and the impact of a compromise.

Jul. 25. Straight from the SearchSecurity bookshelf, an excerpt from Raymond Choo and Man Ho Au’s book, Mobile Security and Privacy, talks about protection identity and privacy and the mobile settings that reveal more than users know.

Jul 25. If you’ve downloaded the Cheetah Mobile Security Master app on your Android phone, you are not alone. Over 500 million users have installed the app since it came out in early 2014.

Jul. 21. No organization can escape the threats to mobile devices, and the federal government is no different. Because their mobile users are frequent targets of attack, the Department of Homeland Security plans to improve its mobile security plans.

Jul. 21. Keeping in step with current and emerging threats, Google looks to solve its mobile application security challenges with the new Google Play Protect.

Jul. 21. Artificial intelligence seems to be the wave of the future for mobile security for these 8 startups using AI to improve mobile security. Mobile security solutions that use artificial intelligence will help to protect your identify, prevent fraud, and more.

Jul. 21. Several enterprises are partnering with each other in order to provide stronger enterprise mobile security. Check Point and Microsoft are now integrating products in an enterprise mobility management platform.

Jul. 20. High security standards give BlackBerry the green light to start selling its security tools to government agencies. Concerns over the security of calls and texts messages on mobile devices needs to be addressed so that government employees can use modern technology to exchange classified information.

grayfooterlineRELATED: Make users and their locations anonymous on the network with Telos Ghost
grayfooterline

Jul. 19. Security practitioners have reportedly seen a decline in exploit kits, according to Cisco report, but mobile security and cloud infrastructure continue to be vulnerable to threats that are challenging to defend against.

Jul. 19. Adding PayPal to the Samsung Pay wallet will reportedly improve user experience with both online and offline transactions. It’s not clear who got the deal in this partnership, but Samsung Pay, a widely-accepted payment platform leverages tokenization to provide a multi-layered mobile security platform.

Jul. 17. Deciding on the right mobile security tools for enterprises can be overwhelming. It’s helpful to know which systems are best for your security needs with this mobile data security guide.

Jul. 13. In app advertising can potentially leak personal data, so in order to move toward better mobile security, users need to be aware of what data they are sharing, with whom. Then click with caution and use privacy settings.

Jul. 13. Are fraudulent antivirus applications to blame for the increase in mobile threats? Rather than brining trouble with their devices, users can add mobile threat protection.

Jul. 11. Maybe it’s wishful thinking, but with the right tools and policies, it could be possible for enterprises to stay ahead of mobile threats.

Jul 10. Hoping to build better protection with stronger solutions to enterprise mobile security, Trend Micro and VMWare are integrating products. This partnership comes ahead of 2019, which is when Gartner predicts more enterprises to deploy mobile programs.

Jul. 10. Now available in part of a bundle, Microsoft has packaged security for software and mobile devices in with the Windows 10 OS and Office 365 software.

Jul. 5. It’s not just consumers who need to invest in mobile threat defense. Enterprises large and small are warming up to the idea that when it comes to mobile security, they need to do more.

Jul. 3. While it’s not been common practice for users to install antivirus software on their mobile devices, it might be time for the added protection. TechAdvisor from IDG offers a list of the best antivirus apps for both Android and iOS.

Jul. 2. Indications that the mobile security market is ramping up are evident across the globe. The UK company, Wandera, is positioning itself to grow with the maturity of the market.

Kacy Zurkus is a freelance writer for Cybersecurity Ventures and has contributed to several other publications. She covers a range of cybersecurity and cybercrime topics.grayfooterline

© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.