With the development of technology, a tremendous rise in smartphone usage has been observed. Whether it's for booking a cab, keeping track of birthdays, surfing the net, ordering food, or using maps for directions, people have developed a dependency on smartphones to make life easier, faster and smoother. You name it and you have it with you on your smartphone.
Apps are a tool for convenience. The fundamental purpose of apps is to offer swift and hassle-free usage. But have you wondered whether the apps you download are safe?
As mentioned in the McAfee report, a 2014 Nielsen study states that the number of apps used by a person over the course of a month increased from 23 in 2011 to 27 in 2013. Moreover, the time spent on apps has also increased drastically: by 65 percent, from about 18 hours a month in 2011 to 30 hours a month in 2013. Below is a graphical representation of these statistics.
Along with apps come security and privacy concerns. As the report states, while 'Games' is the most popular Apple App Store category, it is at the same time the most abused one. In most cases, users agree to share their personal information when apps are first installed.
Mobile App Vulnerabilities
These mobile app vulnerabilities originate in the cryptographic processes that mobile apps use to establish secure connections with Internet websites. Both BERserk and Heartbleed are examples of such cryptographic vulnerabilities.
The BERserk vulnerability is a flaw in the RSA signature verification process (RSA is a public-key cryptosystem used for secure data transmission) that both mobile and non-mobile applications perform when establishing secure connections. BERserk makes it possible for an attacker to forge RSA certificates and mount man-in-the-middle (MITM) attacks without the user's knowledge, so the confidentiality and integrity of sessions between customers and websites are compromised.
During a man-in-the-middle (MITM) attack, an attacker surreptitiously inserts itself into the communication channel between the two parties. The attacker can then follow the entire conversation or manipulate it. MITM attacks begin by breaking the cryptographic authentication between the two parties. SSL/TLS is the most common cryptographic protocol and is thus the most commonly broken.
SSL stands for Secure Sockets Layer. It provides a secure connection between Internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browser's address bar, and possibly a green address bar if secured by an EV certificate.
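BERserk belongs to the class of RSA PKCS#1 v1.5 signature-verification flaws in which the verifier parses the decrypted signature block instead of comparing it whole against the expected encoding, so extra bytes can slip past the check. The example below is added here and is not code from the McAfee report; it works on the 128-byte block that a 1024-bit RSA public-key operation would recover from a signature, with constructed inputs, and contrasts the lenient parsing check with the hardened encode-and-compare check.

```python
import hashlib

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Expected block: 0x00 0x01 || 0xFF..0xFF || 0x00 || DigestInfo || H(m)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t

def verify_strict(em: bytes, message: bytes) -> bool:
    """Hardened check: rebuild the whole block and compare it byte for byte."""
    return em == emsa_pkcs1_v15_encode(message, len(em))

def verify_lenient(em: bytes, message: bytes) -> bool:
    """Parsing-style check of the kind BERserk exploited: it walks the block
    and compares the digest it finds, but never checks that the digest ends
    the block, so trailing bytes are silently ignored."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    if em[i:i + len(SHA256_DIGESTINFO)] != SHA256_DIGESTINFO:
        return False
    i += len(SHA256_DIGESTINFO)
    return em[i:i + 32] == hashlib.sha256(message).digest()

def shortened_padding_em(message: bytes, em_len: int, trailer: bytes) -> bytes:
    """Constructed test input: padding shortened and bytes appended after the
    digest. A correct verifier must reject this block."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    ps_len = em_len - len(t) - 3 - len(trailer)
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t + trailer

# Constructed sample message and blocks (128 bytes, as for a 1024-bit key).
MSG = b"example handshake transcript"
GOOD_EM = emsa_pkcs1_v15_encode(MSG, 128)
BAD_EM = shortened_padding_em(MSG, 128, b"\x00" * 40)

if __name__ == "__main__":
    print("strict  good/bad:", verify_strict(GOOD_EM, MSG), verify_strict(BAD_EM, MSG))
    print("lenient good/bad:", verify_lenient(GOOD_EM, MSG), verify_lenient(BAD_EM, MSG))
```

The lenient verifier accepts the malformed block because it stops reading after the digest; the strict one rejects it because the full block no longer matches the only encoding a valid signature can produce.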
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
Heartbleed is another vulnerability, in the OpenSSL implementation of the SSL/TLS protocol, that allows attackers to compromise secure connections between users and websites. Around 17% (around 500,000) of the world's secure web servers were vulnerable to Heartbleed exploits.
Cryptographic vulnerabilities in mobile applications
In September 2014, CERT (the Computer Emergency Response Team) published a list of mobile apps vulnerable to MITM attacks because they do not properly validate SSL certificates. McAfee Labs found that 18 of the 25 most downloaded vulnerable apps that send credentials via insecure connections are still vulnerable. The most downloaded vulnerable app is a mobile photo editor with between 100 million and 500 million downloads.
Safety Steps for Apps
- Download only highly rated and well-known apps from trusted sources.
- Ask yourself some questions before downloading an app: Why must you log in? What benefit or purpose does it serve? Are the pro version options really worth the potential compromise of personal data?
- Ensure that the login for every app is unique, and change and manage your passwords regularly.
Exploit kits are malicious toolkits used to exploit security holes in software applications for the purpose of spreading malware. They come with pre-written exploit code and target users running insecure or outdated software on their computers. Cybercriminals use exploit kits to spread malware. Exploit kits mostly target vulnerabilities in Internet Explorer, Firefox, and Chrome, and also take advantage of holes in programs such as Adobe Flash Player, Adobe Reader, and Java.
The following pie chart shows the most prevalent exploit kits of 2014.
The creator of the popular Blacole exploit kit was arrested in late 2013. The Blacole exploit kit, also known as "Blackhole", infects PCs with other malware, such as trojans and viruses. When a user visits a malicious or compromised website, Blacole scans the PC for vulnerabilities or weaknesses in its software, then uses those vulnerabilities to download malware onto the system.
However, the malware community quickly shifted to the Angler exploit kit to continue infecting systems. Angler became one of the most popular methods of delivering malware because it does not require technical proficiency and is accessible through online 'dark' markets.
The Angler exploit kit is very active: it frequently changes its patterns and payloads to hide its presence from security products. Its features are as follows:
- Uses two levels of redirectors before reaching the landing page.
- Compromised web servers hosting the landing page can be visited only once from a given IP address; the attackers are clearly monitoring the hosts actively.
- Detects the presence of virtual machines and security products in the system.
- Makes garbage and junk calls to make reverse engineering difficult.
- Encrypts all payloads at download and decrypts them on the compromised machine.
- Uses fileless infection (directly deployed in memory).
The following image shows the Angler exploit kit infection chain:
An Angler exploit kit landing page is highly obfuscated, which makes reverse engineering difficult and challenging for threat researchers. It also includes junk content in the code to evade detection.
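Two of the behaviours listed above, the two-level redirect chain in front of the landing page and the one-visit-per-IP landing host, can be turned into a simple proxy-log heuristic for detection. The Python below is an added illustration, not code from the report or from any vendor product; the log lines are constructed and the field layout (time, client, status, URL, Location) is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy log (not from the report). Fields: time client status url location
LOG = """\
10:00:01 10.0.0.5 200 http://news.example/article.html -
10:00:02 10.0.0.5 302 http://news.example/ad.js http://r1-example.net/go
10:00:02 10.0.0.5 302 http://r1-example.net/go http://r2-example.org/next
10:00:03 10.0.0.5 302 http://r2-example.org/next http://landing-example.biz/index.php?x=1
10:00:03 10.0.0.5 200 http://landing-example.biz/index.php?x=1 -
10:05:10 10.0.0.9 302 http://shop.example/login http://shop.example/account
10:05:10 10.0.0.9 200 http://shop.example/account -
10:07:00 10.0.0.9 200 http://news.example/article.html -
"""

def parse(log: str):
    """Return (client, status, url, location-or-None) tuples."""
    return [(c, int(s), u, None if l == "-" else l)
            for _, c, s, u, l in (ln.split() for ln in log.splitlines())]

def host(url: str) -> str:
    return urlparse(url).hostname

def redirect_chains(recs):
    """Follow 302 Location hops per client; yield (client, [hosts...])."""
    hops = defaultdict(dict)                  # client -> {request url: Location}
    for client, status, url, loc in recs:
        if status == 302 and loc:
            hops[client][url] = loc
    for client, table in hops.items():
        targets = set(table.values())
        for start in table:
            if start in targets:              # mid-chain, not a chain head
                continue
            chain, url, seen = [host(start)], start, set()
            while url in table and url not in seen:
                seen.add(url)
                url = table[url]
                chain.append(host(url))
            yield client, chain

def flag_angler_like(recs, min_redirectors=2):
    """Flag chains with at least min_redirectors intermediate hosts whose final
    host was fetched by exactly one client (the one-visit-per-IP behaviour)."""
    visitors = defaultdict(set)
    for client, _, url, _ in recs:
        visitors[host(url)].add(client)
    return [(client, chain) for client, chain in redirect_chains(recs)
            if len(chain) - 2 >= min_redirectors and len(visitors[chain[-1]]) == 1]
```

On the constructed log only the 10.0.0.5 chain (news.example to two redirectors to a landing host seen by one client) is flagged; the ordinary login redirect on shop.example has no intermediate hosts and is ignored.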
Protect your System against Angler Exploit Kit
You can protect your system by following these simple steps.
- Use a security-conscious Internet service provider that implements strong antispam and antiphishing procedures.
- Enable automatic Windows updates, or download Microsoft updates regularly, to keep operating systems patched against known vulnerabilities.
- Configure antivirus software to automatically scan all email and instant-message attachments. Make sure email programs do not automatically open attachments or automatically render graphics, and ensure that the preview pane is turned off.
- Beware of spam-based phishing schemes. Don’t click on links in emails or instant messages.
- Use a browser plug-in to block the execution of scripts and iframes.
There are 387 new threats every minute, or more than 6 every second.
The information comes from millions of mobile devices around the world. Malware includes viruses, Trojans, and PUPs (potentially unwanted programs). Mobile malware grew 14% during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates.
Cybercriminals are devising new ways of spreading malware. Initially it was web-based scams, phishing attacks and viruses on users' systems, but now, with the growth of smartphones, mobile devices have become the new targets. Everything has pros and cons. With the Internet of Things rising, it is hard to say whether wearables will be spared from such attacks.