Study: Mobility against Security

21 March 2012

mobile devicesAccording to a research called “The Impact of Mobile Devices on Information Security” published by Check Point® Software Technologies Ltd., the number of mobile devices connected to corporate networks doubled in 2010-2011. Half of these devices contain confidential information.

The management of 70% of the surveyed companies are confident that it is the use of mobile devices that results in the increased number of data leaks. This mostly happens when devices containing corporate emails (80% of cases), client databases (around 50%) and corporate passwords (around 40%) get lost or stolen.

Corporate users are actively embracing mobile devices and services, thus creating a lot of problems for IT experts responsible for the security of corporate data. Modern standards do not cover new security threads, and yet it’s not reasonable to completely stop using mobile devices, since they give users a number of advantages that boost their performance and provide them with quick and convenient mobile access to corporate resources.

Check Point report highlights:

  • In 94% of companies, the number of mobile devices connected to corporate networks has increased.
  • In 78% of companies, their number has more than doubled over the past two years.
  • The most popular mobile platforms used in corporate networks are:
    1. Apple (30%)
    2. BlackBerry (29%)
    3. Android (21%)
  • 43% of companies believe that Android-based devices pose a serious threat to their information security.
  • The key threats undermining information security are:
    1. Lack of knowledge in the information security field among corporate users (over 70%).
    2. Use of mobile devices for web browsing (61%)
    3. Use of unprotected wireless connections (59%)
    4. Device loss of theft (58%)
    5. Downloading of malicious software to mobile devices (57%).

Android: protection of private information

11 May 2011

Android: protection of private informationAs Android, an open source mobile platform, is steadily gaining popularity, more and more applications are released for it. The flipside of this popularity, however, is the emergence of malware modules, backdoor tools and other unexpected and unpleasant “Easter eggs” in regular applications that are often used for collecting more user-related information than necessary and allowed.

Luckily, users now have a decent (and affordable) solution for this problem. A set of two security tools, Privacy Blocker and Privacy Inspector, will help you keep excessively curious programs on your smartphone on a short leash.

Privacy Inspector is a vulnerabilities scanner. It scans the entire system, checks every program installed and reports any suspicious functions they use. A thievish app can be removed at once or “tricked” using the second tool from the set.

Privacy Blocker can also scan your Android OS and show you what programs are requesting data irrelevant to their primary purpose. But that’s not all. Privacy Blocker makes it possible to use suspicious programs if you really need them. However, it will pitch completely useless gibberish to them instead of the information they request, so rest assured that your private information is safe and won’t be sent to third parties.

65% of all Android applications spy on their users

4 February 2011

65% of all Android applications spy on their usersResearchers called Android’s integrated security system inefficient after finding out that two out of three Android applications log dialed phone numbers and GPS coordinates, as well and perform other rather suspicious activities.

22 out of 30 popular apps downloaded from Android Market performed did the following:

  • 15 applications forwarded the device’s GPS coordinates to advertising companies
  • and 7 other applications sent personal user data to third-party servers.

Nearly all applications did not let users know about these activities, although some of them sent data as often as twice a minute. It clearly demonstrates that the current security mechanisms used in Android OS do not guarantee users’ protection from actions performed by hidden functions of any of the available 70,000 applications.

Representatives of Google Inc, the developer of Android OS, recommend installing trusted and verified applications only.

Bear in mind that Android is an open source operating system and this fact enabled the researchers to create TaintDroid, a special tool for monitoring  confidential data used for this experiment. If a similar tool could be created for closed operating systems by Apple, RIM or Microsoft, the results might well be similar.

The research team did not mention the names of the apps they used in the experiment and have no plans to make TaintDroid publicly available.