Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises

The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.

More and more end-users are bringing mobile devices to work -- and more and more applications that could threaten the security of enterprise data, according to data released this week.

In a blog posted Monday, researchers at mobile security firm Mojave Networks said that a detailed analysis of mobile applications running under bring-your-own-device (BYOD) programs in large enterprises indicates that the BYOD phenomenon may pose greater risk than most IT departments know.

The study shows that the average mobile device carries about 200 applications, each of which requires an average of nine permissions in order to operate -- permissions such as the user's personal information, address books, or physical location. With so many applications running, and with each application gaining access to so many stores of information, it's difficult for the IT organization to know who's accessing their corporate data, Mojave says.

"When we first come into a customer site, most of them have no idea what apps their users have installed on their devices, or what their risk exposure might be," says Ryan Smith, lead threat engineer at Mojave. "They are accepting a level of risk on their mobile devices that they would never accept on PCs."

Smartphones contain dozens of apps as part of their operating environments, and users typically add dozens more after they've purchased them, Smith tells us. Each of these applications asks for the right to access certain information -- such as a user's name, phone call history, contact list, or geographic location -- that increases the risk of data leakage or active hacks that could compromise enterprise data.

Mobile advertising libraries are a prime example of this potential risk, Smith writes in the blog:

These libraries are large packages of code written by a third party, which the developer includes in their mobile app to help them add standard functionality. In this case, the developer may use the libraries to collect ad revenues, track user statistics, or integrate with social media APIs. There are thousands of such libraries available to mobile app developers, each with varying reputations, and developers will often include their code with little or no review.

As part of its study, Mojave analyzed some 11 million URLs that its customers' mobile devices have linked to over the last year. The researchers found that 65 percent of applications downloaded by business users connect to an ad network, and 40 percent of apps downloaded by business users connect to a social network application programming interface. Nearly 80 percent of mobile applications ask their users to link to a third-party resource, such as an ad network, social media API, or a usage analytics API.

"Some apps have a higher risk than others, but almost all of them carry some risk," says Smith.

Mojave collected the data as part of the buildout of its new application reputation service, which was also rolled out Monday. The service enables enterprises to track the apps running on users' BYOD devices and rank them according to the potential risk they represent to the enterprise.

With the application reputation service, according to Mojave, organizations can dissect and analyze the data being collected, stored, or transmitted from mobile applications, enabling them to discover the potential risk of applications in their organizations and create better policies for blocking or restricting the use of risky apps.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...