A follow-up from last week. Yes, one of the ways to get malware onto a smartphone was the "store," which last week's article implied was infallible. Well, the Android marketplace just took down 50 malicious rogue apps, all published under fake developer names. That sounds like the allegedly infallible method just failed 100 times over. Why 100? 50 fake developers and 50 malicious apps that weren't caught for some period of time. So how many people downloaded and used them? Well, probably more than the number on one hand, as stated last week. It looks like these apps were only after cloning your phone, but there is so much more that could happen here.
And remember the article we wrote about last week? Just remember that, according to the author, we have nothing to worry about because it is not that bad yet. This kind of goes with a theme we are developing for the week. That is, we are making the same mistakes, people. We need to do a bit more than wait for the security on mobile devices to blow up in our faces before we start to worry about it.
Get in front of the issues and start figuring out how you are going to secure these devices in your enterprise now. Don’t wait until a 0-day pops all of your mobile devices.
Originally discussed during episode 233
John Strand will be teaching SANS 660 Advanced Network Penetration Testing and Metasploit for Penetration Testers this April in Reston, VA, April 15 - 23.
Larry will be teaching SANS 617 Wireless Ethical Hacking, Penetration Testing, and Defenses May 9th - 14th in Victoria, BC.