The Latest FireEye News
Product and Solution Information, Press Releases, Announcements
|FireEye Study Identifies Top Mobile Application Security Issues|
|Posted: Fri Feb 27, 2015 02:37:12 PM|
Researchers Analyze 7M Applications to Identify Leading Android Attack Methods and New iOS Attacks
MILPITAS, Calif. – February 27, 2015 – FireEye, Inc. (NASDAQ: FEYE), the leader at stopping today's advanced cyber attacks, today released “Out of Pocket: A Comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps,” an in-depth look the vulnerabilities of mobile apps. The report reveals that Android malware is growing more pervasive, and iOS devices are also increasingly at risk.
FireEye threat researchers analyzed seven million mobile apps on both Android and iOS platforms from January to October 2014. Researchers reviewed popular apps with more than 50,000 downloads to assess their exposure to a common vulnerability, and found that 31% of them were exposed to it. Of those, 18% were in categories with potentially sensitive data, including finance, medical, communication, shopping, health, and productivity. Additional research conducted in the second half of 2013 found a 500% increase in the number of Android apps designed to steal financial data.
“Today, mobile apps represent a significant threat vector for enterprises,” said Manish Gupta, senior vice president of products at FireEye. “Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device. Our findings highlight the threat apps pose and why enterprises must implement a mobile security policy that focuses on applications.”
The report identifies a new delivery channel for iOS malware that bypasses the Apple App Store review process. Attackers can take advantage of enterprise/ad-hoc provisioning to deliver malicious apps to end users, either through USB connections or over the air. FireEye researchers found more than 1,400 iOS apps publicly available on the Internet introducing variants of security issues, signed and distributed using enterprise provisioning profiles.
FireEye’s analysis indicates that mobile users face risks on many fronts today including:
Mobile devices are being adopted across the world as PC manufacturers see sales in PC’s and laptops in decline as consumers choose simpler, lighter devices to make life easier. This evolution underscores, as Gartner recently recommended, that enterprises, “Abandon device-centric lockdown security models in favor of app-centric models.” (Source: How Digital Business Reshapes Mobile Security, 11 February 2015, Gartner).