Unencrypted Data, Rogue Apps, Spam Threaten Mobile Device Security

Posted on December 09, 2014

Researchers at San Francisco security company Cloudmark told Fox Business recently that criminals are exploiting two unfortunate mobile trends to steal data and penetrate company networks via mobile devices. One problematic trend is the increase in mobile phishing attacks launched through common mobile messaging systems like Apple's iMessage.

iMessage is the venue of choice for spam in 2014, Cloudmark says. There is nothing new about spam, of course, but an unfortunate fact is that people who are wary of unsolicited emails aren't always as careful when it comes to their mobile devices. People who wouldn't think of clicking on a suspicious link or responding to a phishing email on a PC or laptop aren't as vigilant when it comes to smartphones and tablets, said Tom Landesman, a senior researcher at Cloudmark.

One of the tools criminals are using to target smartphone users is highly targeted, localized phishing messages sent to smartphone customers in a specific zip code. Mobile users get a text or email that appears to come from their bank, credit union, or a local business asking them to click on a link and provide sensitive information.

The messages can look real, and people simply aren't accustomed to receiving spam on their phones, so the crooks are fooling more people. Once they have access to the user's device, they can also gain access to the user's email, and any network access passwords or company data stored on the device.

Rogue Apps Threaten Businesses, Consumers Alike

Rogue apps are a special threat for businesses and consumers alike, according to a CNET report on a study by cybersecurity company FireEye. "Rogue apps can steal data off your phone, and it can be very hard to identify them," explained Jared Hansen, CEO of secure mobile printing leader Breezy. "Most mobile device users download apps regularly, and most of them are fine " but rogue apps have turned up on legitimate sites, and a vulnerability in the iOS operating system has put millions at risk."

CNET says that the security flaw affects all Apple mobile devices running iOS 7 or later, regardless of whether or not the device is jailbroken. "That means roughly 95 percent of all Apple mobile devices currently in use are vulnerable. Apple sold 51.6 million iPhones and iPads in the three months ended in September alone," the article says.

The really bad thing about some rogue apps is that they can actually replace legitimate apps on your phone, Hansen says. "So even if you downloaded an app from the app store, a rogue app designed by a criminal can replace the real app and compromise your mobile security. Some of them are designed to turn your mobile device into a "bot net" slave, sending spam email or making purchases, and others can trick you into giving up data or siphon data off your phone. The stolen information can be sold to marketers as your device tracks your every move online, or used in identity or data theft schemes."

Fox Business says that one security firm, viaForensics, tested 100 popular apps and found that 75% of Apple and 59% of Android apps had at least one high risk rating. That's a problem for users who don't use on-device encryption to protect sensitive information on their mobile device, and the same study found that only 35% of users had encrypted data on their devices.

Mobile Device Security Basics

Applying the same common sense tactics when using a computer and laptop can go a long way in protecting mobile users. That means not clicking on links in texts or emails when you don't know the sender, typing in full URLs and being skeptical of any communications that are purported to appear official. It also means understanding what your apps and device is doing in the background.

One basic step in helping to block rogue applications is to disable sideloading, so that rogue apps can't download in the background without your knowledge. Another is to apply the same wariness to text messages received on a smartphone that you'd apply to email on a PC or laptop. "We need to be aware that not every text message that appears is benign, and use a more skeptical eye before we click on links," Hansen says.

But the Breezy CEO says that the best approach to mobile device security is to make sure that sensitive information is encrypted on the device, whether it's at rest, or in transit to another device such as a printer. "Bessemer Venture Partners executive David Cowan wrote an excellent article on LinkedIn earlier this year where he said that the future of cloud computing relies on encryption " and he should know, since his company has funded cloud companies such as Box, Eloqua and LinkedIn," Hansen says.

Breezy was founded after Hansen was unable to find a secure mobile printing solution for his law firm that included on-device encryption, and the company has built a global business based on two strategies: ensuring that sensitive data is encrypted, and partnering with industry leading enterprise mobility management tools like AirWatch, AppSense MobileNow, Aruba, Citrix, Good Technology, IBM (MaaS360, formerly owned by Fiberlink), MobileIron and Mocana.

For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.