Mobile apps pose biggest threat

RSA exec says users' slack attitude toward mobile security, and ease and low cost for software development mean mobile apps increasingly main source of risk.
Written by Ellyne Phneah, Contributor

Mobile users are generally unaware of the importance of security and often assume mobile apps are safe for download. Such lax mindsets, as well as the low cost and ease in developing mobile malware, mean apps are now the main source of mobile threats, one RSA executive notes.

During an interview Friday, Avi Rosen, director of online threats managed services group at RSA, the security arm of EMC, said as mobility gains traction and consumers use their mobile devices more than personal computers, cybercriminals will see mobile apps as a way to gain access to users' devices.

Their cause will be helped by the lax security hygiene practiced by most users, who download mobile apps on to their devices without considering what may be in them, Rosen stated. These users believe once an app is published on the app store, the software is safe. But there are many rogue apps today that masquerade as original apps which secretly steal information from consumers' devices, he added.

Furthermore, most users do not see the importance of mobile security despite the amount of data, oftentimes sensitive ones, stored on their devices which fraudsters will take advantage of, the executive warned.

Malware easy to develop
Beyond consumers' slack security stance, cybercriminals are also finding it easier to write and publish a rogue mobile app as compared to one targeting PCs, Rosen pointed out. This is because they now just need to register with a mobile ecosystem operator, such as Apple's iOS or Google's Android for example, pay a fee, and gain access to tools that will allow them to design the app, he said.

There are also many app development services online these days that are accessible and simple to use, he added. Alternatively, they can pay a developer on the black market to design it for them.

Such services tend to be for more open platforms such as Android, the director said.

Rosen acknowledged that while existing mobile malware are not as severe as those targeting PCs, such as SpyEye and Zeus, the situation will change and these rogue apps and other mobile-based attacks will become more sophisticated and dangerous as more users migrate toward these devices.

Already, six men had been arrested in Japan last month for distributing an Android app which steals user information and swindle money of people, the country's first police case involving the distribution of mobile malware.

Editorial standards