Internet related News · 2015-02-26

Mobile app developers fail to patch security flaws for months: McAfee

Mobile app developers are slow to address even basic SSL vulnerabilities, putting app users at high risk, observes the McAfee Labs Threats Report: February 2015, released by Intel Security recently. The report includes assessments of the mobile threat landscape & the failure of mobile app developers to patch critical secure sockets layer (SSL) vulnerabilities, potentially impacting millions of mobile phone users. McAfee Labs also reveals details on the increasingly popular Angler exploit kit, & warns of increasingly aggressive potentially unwanted programs (PUPs) that change system settings & gather personal information without the knowledge of users.

In September 2014, the Computer Emergency Response Team (CERT) at Carnegie Mellon University had released a list of mobile apps possessing this weakness, including apps with millions of downloads to their credit.

In January, McAfee Labs says it tested the 25 most popular apps on CERT’s list of vulnerable mobile apps that send login credentials through insecure connections & found that 18 still had not been patched despite public disclosure, vendor notification, &, in some cases, multiple version updates addressing concerns other than security. McAfee Labs researchers simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions. The vulnerable data included usernames & passwords, & in some instances, login credentials from social networks & other third-party services.

“Mobile devices have become essential tools for home to enterprise users as we increasingly live our lives through these devices & the applications created to run on them,” said Vincent Weafer, SVP of McAfee Labs, part of Intel Security. “Digital trust is an imperative for us to truly engage with and benefit from the functionality they can provide. Mobile app developers must take greater responsibility for ensuring that their applications follow the secure programming practices and vulnerability responses developed over the past decade, and by doing so provide the level of protection required for us to trust our digital lives with them.”

Another Q4 development followed closely by McAfee Labs was the rise of the Angler exploit kit – one of the cybercrime-as-a-service economy’s latest contributions to off-the-shelf tools delivering ever greater malicious functionality. Researchers saw cybercriminals migrate to Angler in the second half of 2014, when it surpassed Blacole in popularity among exploit kits. Angler employs a variety of evasion techniques to remain undetected by virtual machines, sandboxes, & security software, & frequently changes patterns & payloads to hide its presence from some security products.


Mobile apps fail to patch ‘basic’ security flaw, McAfee Labs says – CBC.ca

http://news.google.com Feb 26, 2015

McAfee Labs, the research arm of Intel Security, followed up in January, testing the top 25 most popular apps outed by the university for having “the most basic” SSL problem …

 


McAfee Labs: Your Favorite Apps Vulnerable to Attack – Wall Street Journal

http://news.google.com Feb 24, 2015 

A study by McAfee Labs shows a majority of the most popular mobile apps may leave users vulnerable to hackers. Intel’s Michelle Finneran Dennedy explains.


Vulnerable mobile apps are not being patched — millions of people at risk – BetaNews

http://news.google.com Feb 24, 2015

In January, McAfee Labs tested the 25 most popular apps on CERT’s list of vulnerable mobile apps that send login credentials through insecure connections and …

 
