Are Mobile Apps the Enemy?
FireEye researchers analyzed 7 million Android and iOS apps. Here's what they found.

86% of time spent on mobile devices in 2014 involved app usage.

iOS: the next frontier for cyber criminals
iOS apps may not be as secure as you think.

The risks of public apps
Freely available public apps are not subject to Apple's strict review process.
Apple Developer Enterprise Program has been abused to create malicious EnPublic iOS apps.
1,400 EnPublic iOS apps are currently available for download online.
More than 80% of the EnPublic apps were found to use private APIs.
Attackers can use undocumented or private APIs within EnPublic apps.

The 2014 Masque attack
Discovered by FireEye, the attack targeted jailbroken and non-jailbroken iOS devices.
The vulnerability allowed for malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing.

New iOS vulnerabilities include Universal Cross Site Scripting (UXSS) and SSL/TLS misuse.
New strains of malware and zero-day exploits can target non-jailbroken iOS devices through trusted USB connections and over-the-air delivery.

Many consumer Android apps have vulnerabilities and poor security safeguards.
96% of malware targets Android devices and apps.
Android apps designed to steal financial data rose exponentially in 2013 to 1,300 (up from 260 prior to that year).
31% of popular Android apps on Google Play are vulnerable to JavaScript-Binding-Over-HTTP (JBOH).
FireEye found more than 5 billion downloaded Android apps vulnerable to remote attacks.
The riskiest vulnerability may be JavaScript-Binding-Over-HTTP (JBOH).

Aggressive Android adware collects detailed user information, including:
Age
Household Income
Ethnicity
Gender
Interests
GPS Location
Name
Email Address
Device ID

Find out how FireEye can help identify and manage potentially harmful apps:
www2.fireeye.com/MobileThreatAssessment.html
© 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks
of their respective owners. INFO.MA.EN.US112015
