iPhone App Security - Android App Security: A Growing Digital Risk
Author: Eric Everson, Chief Technology Officer – MyMobiSafe.com
It’s being called a “gold rush,” with estimates such as yesterday’s breaking news on the topic declaring, “Flurry predicts that by the end of next year, 150,000 apps will be available for Android phones, up from around 20,000 to 25,000 now.” Developers are beginning to dive into this fast-growing new phenomenon of mobile apps.
With developers sharing stories about making tens of thousands of dollars by selling their apps, this is an emerging market that is showing no signs of an economic slowdown. In fact in the same piece by Lance Whitney, it was noted that, “The growth has been meteoric for Apple for iPhone and iPod Touch penetration," he said. "They're already past 50 million units in the marketplace for iPhone and iPod Touch." …while the iPhone is a killer device that gives people a portable computer in their pocket, Apple knows it needs third-party developers, which is one reason the company controls the store. And developers will go wherever they can get a good customer base, realizing that they can build an app once for the App Store and draw in a lot of consumers.” (Read Full Article Here)
This is great news, right? A hot emerging market opportunity in a sluggish economy; what’s not to love about that? Not to spoil the celebration, but as a digital security consultant I see that this emerging market has introduced some serious new digital security risks. Don’t just take my word for it. Recently security expert Kenneth Van Wyk noted, “Is anyone else concerned about the security of this new gold rush? Just how safe is it to download and use, say, an application that can access my Amazon account and make purchases with “one click”? (Gulp!)” Van Wyk goes on to explore, “…time will illuminate the issues more clearly. For now, I sure hope the application developers aren’t consumed by a gold rush mentality and that they’re practicing safe development methods to ensure all the good stuff—solid authentication, encryption of sensitive data, input validation, etc.—are being thoroughly addressed in the code they release into the wild.” (Read Full Article Here)
Have we opened Pandora’s Box yet again? Having been involved in mobile security for many years as the founder of MyMobiSafe.com, I will say that we’ve just begun to scratch the surface. As we’ve identified (and are working to address at MyMobiSafe.com), developers want to maximize their profitability in this gold rush, which often means forgoing security protocols, and that could prove harmful to your mobile device. The days of cell phones being a disposable technology are quickly coming to an end as these little devices have become primary sources of our proprietary data. From the ability to connect to your bank account to the names and numbers of the people closest to you, your handset security should certainly become one of your top priorities.
With the Android boom of 2010 taking shape, we are about to see a surge (of tidal wave proportions) in the development of mobile apps. Likewise, the iPhone App Store remains just as hot as ever as the iPhone and iPod Touch devices have surpassed the 50 million user mark. There is certainly money to be made, but users and developers alike must demand a greater level of security to keep everybody’s mobile devices safer. I don’t need my master’s degree in Software Engineering to tell you that rushed software is bad software, so before you download that next app, check out your developer’s credentials.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday, December 30, 2009
Friday, December 18, 2009
Mobile Security Expert: Think Twice Before You Download That New Mobile App!
Author: Eric Everson
Whether you are an iPhone user, a Droid user, or a user of any number of new app-compatible handsets, you should be wary of exactly what’s hiding in that app. A term like “Trojan Virus” is nothing new to computer users, but increasingly this type of attack is moving into the mobile environment.
As a mobile security expert, I realize that too few app developers are willing to sacrifice the performance of their apps by adding additional security measures. This reluctance to build in security protocols has set the stage for a serious level of vulnerability. Having worked in mobile software development myself, I understand that building in certain security features can introduce very noticeable performance hurdles, which is not something that independent app developers want to earn a reputation for.
The mobile app development community is actually still very small and has yet to become dominated by huge corporate interests, so what we often have are developers that do not have the means to support developing a mobile app and managing a slew of security features therein. As some have admitted, it’s easier to just forget about security altogether and let the user worry about their own handset-level security. As the app-driven future of wireless is quickly taking shape, it is again the handset user that must shoulder their own level of security.
At MyMobiSafe.com we are working hard to introduce a new solution for mobile app developers to help tackle this problem, but it will be early next year before we are able to unveil this development. In the interim, mobile users need to think twice before downloading that new app to their handset if they do not already have a mobile security solution on their handset. For many years we as a wireless global community have wrestled with the idea of paying for security software for our handsets. As a digital security consultant, this is a fascinating issue because when I ask most people if they would run their computers without a security solution I always get a resounding “NO!” Why is your phone any different? It packs pretty incredible processing power in its own right and in many cases carries more proprietary data than your own computer.
This time of year, mobile gifts are hugely popular. From new apps to new iPhones to run the apps, the future of the app-driven wireless industry is taking shape each day. As an app user myself, I get it! Apps are fun! More importantly, they make life easier! Just use caution and look for reviews (especially security-related reviews) pertaining to the apps that you want to download. Looking forward, mobile apps are here to stay; just start being a little more protective of your handset before you download them (especially the free/cheap ones!). You do not want to invite a “Trojan Virus” into your app phone.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Thursday, December 10, 2009
Global Enterprise Security: The Emerging Mobile Workforce… Is Your Company Ready?
Author: Eric Everson, Enterprise Security
“Global Enterprise Security” is an old phrase, but as many C-level managers are uncovering, there is a new face to this dynamic business environment. With technology tools flooding the market that have enabled the emergence of true virtual teams and ultimately a mobile workforce, the landscape of Global Enterprise Security has already changed faster than most IT professionals are willing to admit.
From doing remote desktop support pool-side to answering emails from your handheld device from 30,000 feet, everyone from the frontlines of the business to the top brass is integrating mobility into their work environment. Unlike some of my peers, I am not calling for the death of the brick and mortar workplace, but as a leader in digital security, I refuse to ignore the new challenges that these technologies represent to your Global Enterprise Security strategy. Most C-level managers never even think that their coveted BlackBerry could have already been hacked or otherwise compromised, yet it is a reality that we all face on a daily basis.
For mobile hackers, those very emails that you are responding to at 30,000 feet could mean a big paycheck if put in the right hands. Yes, we’re talking about that very real, under-the-table realm of corporate espionage. If you’re a C-level executive and you think that it can’t happen to you, I encourage you to take a long hard look in the mirror and welcome yourself to the realities of the emerging mobile workforce and the issues it represents to your own security strategy. As the first go-to guy for many CIOs facing this very real wake-up call, I can assure you that this is not an area of digital security that you or your company should take lightly. The mobile workforce of tomorrow is emerging faster than you might expect, and for many business leaders looking around their companies, elements such as employee cell phones and laptops are nothing new and are giving them a certain lump in the throat that is hard to dismiss.
Beyond corporate espionage, just think for a moment about what happens when one of your employees drops their cell phone in a crowded holiday shopping center. Frighteningly few corporate IT organizations even have the safeguards in place today to remotely lock that handset from prying eyes (a technology which is now broadly available and is highly affordable to any size company). Would you want your proprietary next quarter pricing data in the wrong hands? It is a reality that far too few technology managers are equipped to deal with (which is also why my cell phone stays so hot). Whether you have put policies in place or not that deal with employee texting, inevitably I guarantee with 100% certainty your company data will find its way into a text message in the very near future.
It can be as simple as two managers riding opposite trains home that want to polish up a few last-minute details for tomorrow’s big meeting, and it can be as severe as employees sharing your customer data with a third party for added holiday cash. We are moving into new times and unfortunately far too many executive-level managers are not as ready to deal with the problems as they would like to admit. For the CEO reading this, just stop your CIO in the hall and ask him/her to explain JavaMites and the threat they represent to your Global Enterprise Security strategy, and you’ll see your CIO squirm against something they’ve likely never even heard of.
Just as a heads up, JavaMites are the latest form of mobile malware to emerge and are capable of jumping from any Java-enabled mobile device (nearly 90% of wireless phones/smartphones are Java-enabled) and can also infiltrate any data on the handset to feed it back to mobile hackers. (Learn More about JavaMites Here)
For the IT executives that are carrying themselves around company headquarters with that false glow of confidence, I dare to challenge that behind the icing of your technology cake is a vulnerability within your security strategy that could shake your company to its core. You can sugarcoat and showboat with all of the money you have spent on security, but the reality is that via a single mobile phone a talented hacker can bypass your digital fortress and can compromise everything you have developed on your way to achieving that cozy little office and nice car in the parking garage. So why is your CEO putting my cell phone number into his phone and not calling you directly? …Is your company ready?
Eric Everson is a leader in digital security and mobile technologies as the founder of MyMobiSafe, LLC. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Wednesday, December 2, 2009
JavaMites: Serious Wireless Industry Threat in an App Driven Mobile Market
Author: Eric Everson, Mobile Security Expert
Is your mobile phone really as safe as you think it is? The fact is that handset-level security remains the greatest vulnerability throughout the global wireless industry. In an industry where service providers have invested heavily to protect their network investments, little is being done to secure wireless handsets. As apps are quickly becoming the driving force behind the future of the wireless industry, the risk handsets face from JavaMite attacks is growing exponentially and few of us are immune.
The world media is fairly consumed with legitimate concerns of the next “superbug”, especially considering the pandemic spread of H1N1 in recent months. These superbugs are frightening to us all because they can infect humanity as a whole and cannot be quarantined very effectively. What does a communicable superbug disease have to do with mobile security you may ask? The reality is everything! In the past year the mobile security industry has seen the debut of a unique threat that is a superbug in its own right: the JavaMite. This innocuous sounding JavaMite is in fact anything but innocuous and may quite simply become one of the most pernicious threats to the mobile industry as we know it.
What is a JavaMite? As defined in my whitepaper published by CBS Interactive this year, “In its most basic form, a JavaMite is any executable software or script written in (or with) the aid of a Java Software Development Kit/Component to specifically alter or otherwise tamper with the operational components of a mobile handset or device.” While that definition may sound overly technical, the root concern of this mobile malware is that if implemented effectively it could infect upwards of 90% of the wireless handsets in use today. By nature JavaMites are mobile executables designed to attack Java-enabled handsets (which most of us use every day). The earliest JavaMite malware attacks on the public targeted mobile banking, and the first widespread attack using JavaMites was carried out in Indonesia on February 7, 2009. In this specific attack, a JavaMite was embedded as a Trojan virus (malware file name: Trojan-SMS.J2ME.GameSat.a) which targeted Indonesia by masquerading as a social instant messaging application for date-seeking singles. The Trojan-SMS.J2ME.GameSat.a file was specifically designed to compromise the mobile banking infrastructure of the Indonesian market by transferring trace amounts of money from the user’s mobile banking account to the hacker’s account.
As the demand for more Apps increases in the wireless community, the prevalence of JavaMite attacks is certain to grow in stride. Downloading new Apps to our mobile handsets opens the door to unknown threats, and since the majority of the mobile phones in service today are Java-enabled, this has created a unique opportunity for JavaMite developers (hackers) to take advantage of your limited handset-level security. As too few people opt to protect their handsets with a third-party mobile security solution, a perfect storm is brewing which could put the entire wireless industry at risk. While our service providers have invested millions of dollars to protect their own networks, little to nothing has been done to introduce security protocols at the handset level to counter JavaMite attacks. At this point users of wireless handsets must elect to protect themselves because, let’s face it, if your handset gets compromised this represents an opportunity for your cell phone company to profit by selling you a new phone. While the service providers stand to profit exponentially from the mobile malware superbug of JavaMites, it is you and I that will pay the price one way or another – pay to protect your handset via a third-party mobile security product or pay for a new handset once yours (and your private data therein) has been attacked.
At MyMobiSafe, LLC we have started working directly with the mobile app developers that create new apps for both the iPhone and Google Android handsets in an effort to create a more secure mobile environment for everyone. While it is not an industry cure-all, our efforts are sure to become a valuable vaccine of defense in an app-driven mobile future. If you have not added a security solution to your handset, use caution when downloading any new app. You might just be downloading more than you’re bargaining for.
Your expert in mobile security and innovative technologies,
Eric Everson – The MobileTech
Eric Everson is a leader in mobile technologies and is the founder of MyMobiSafe.com. If you would like to contact Eric Everson for media interviews or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.


