Posted by: Jessica Scarpati
Internet Privacy, mobile device security, Security Wire Weekly
Look for a movement to weed out malicious mobile applications through mobile application scoring systems, according to Verizon’s ICSA Labs, which issued a list of security predictions for 2012.
By Robert Westervelt, News Director
Mobile malware and mobile application threats could pose major security and privacy challenges to enterprises in 2012, according to Roger Thompson, chief emerging threats researcher at Verizon Business’ ICSA Labs. Cybercriminals could use malicious mobile applications to steal sensitive data from smartphone users, including account credentials. Stolen credentials could be used to obtain access to corporate networks, Thompson said.
Smartphones, tablets and other mobile devices have helped fuel the use of social networks. Employees are sharing more information about themselves than ever before on Facebook, Twitter and other networks via mobile applications. That freely available data could be all that is necessary for an attacker to design a targeted and convincing social engineering attack against an employee, Thompson said.
“It may be no more than just completing the profile on people so they know what kind of goods to sell you; it might not even be overtly criminal,” he said.
Thompson, who was hired by ICSA Labs in November, helped draft the security device testing and certification organization’s security predictions for 2012. In addition to a rise in mobile malware and malicious applications, ICSA Labs predicts the industry will take action by providing users with application scoring systems, so that users download valid applications onto their devices. Scoring systems could reduce the risk of more malicious mobile applications and check highly used apps for serious mobile application vulnerabilities, Thompson said. Although it’s unclear what entity would create the mobile application scoring systems, Thompson said Google and Apple control the marketplace for mobile apps and could very likely take the lead.
“If you install some new version of an application, even if it’s not overtly malicious, you have no idea what opportunities it may be opening up,” Thompson said. “An application might not be sending SMS messages, but it could be built into the game in case it’s needed in the future and that kind of unnecessary functionality could be leveraged by an attacker.”
ICSA also predicts health care organizations will have to gain a better understanding of the risks posed by digitized health care data stored on mobile devices and of how to better secure embedded medical devices from tampering and other cyberattacks. In addition, state public utility commissions will continue to make great strides in creating standards for the so-called “smart grid.” It’s likely, according to ICSA, that the federal government will step in with its own framework and requirements.
In this interview with SearchSecurity News Director Robert Westervelt, Thompson predicts how the threat landscape could evolve in 2012 and explains why mobile device use could pose serious risks to businesses.