Chip maker Intel yesterday released a report by McAfee – one of the world’s leading security software companies – that highlights several mobile security issues that we might be overlooking.
The detailed report explains how the apps on our smartphones can collude – sometimes unintentionally – to orchestrate attacks on our data, sending fake messages, loading other apps and passing private information to control servers.
“Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device, and the capability to communicate with each other. Either app could be collaborating on purpose or unintentionally due to accidental data leakage or inclusion of a malicious library or software development kit. Such apps may use a shared space (files readable by all) to exchange information about granted privileges and to determine which one is optimally positioned to serve as an entry point for remote commands.
“Improved detection drives greater efforts at deception,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group. “It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps.”
Everyone, including yours truly, has apps sitting on our phones that we’ve never used. Instead of deleting these, we often ignore them thinking they’re harmless. This could be one of the worst security mistakes we’re making, if the report is right.
In their blog, McAfee also outlines some measures you can take to secure your information and prevent such app attacks:
- Keeping your device’s software up to date is one of the best ways to protect yourself. Upgrades and updates that we think are insignificant may mean the difference between privacy and open availability of our user information.
- Delete any old apps that you don’t use or need. Most of us tend to just let the apps accumulate until there’s a memory emergency or our device starts to get sluggish, but its these very apps that might be the culprits behind data theft or malicious information leakage.
- Verify the source before you download any app. This is especially relevant for Android users, and the very reason Apple protects its App Store like a lioness guarding her cubs.
- Use mobile security protection at all times. Of course, McAfee would tell you to do this because that’s one of the things they sell, but it’s good advice just the same.
Mobile security is big business, with estimates putting the market at $5.7 billion by 2019. The rise in the number of enterprises embracing a BYOD (bring your own device) policy heightens the threat level because it involves sensitive company information that could lead to disastrous consequences if leaked or stolen. But even on a personal data level, mobile security should be our number one concern.
Facebook may not be listening in to our conversations by accessing our phone’s mic through their app, but the threat of data theft is a very real one that results in losses to the tune of between $16 and $21 billion dollars each year – and that’s just from identity theft alone.
The cybersecurity industry as a whole is contributing to bring that figure down, but new threats and new methods continually keep emerging in an endless cops and robbers loop.
If you value your data and your personal information, then you would be wise to acknowledge the problem and take the steps that McAfee has recommended in the report. Ignore them at your own risk.