The rising mobile threats accelerated again.

The rising mobile threat is bound to surpass traditional

Friends, family, colleagues, clients, associates and the rest of you, this is just an update that the threat landscape has shifted.

There’s been a well-documented and growing trend of malicious mobile apps, gaping mobile app vulnerabilities, and so on.

The reason I write today is to let you know, outside of media hype and free from business interest, to be vigilant. You should have reputable anti-malware, intrusion prevention and detection on your computers and home networks, as you know. And, many of you already have the same protections for your mobile devices. Good.

The threat landscape has become vast, and while mobile platforms *seemed* more secure, the reality is different. Having homogeneous targets like Android and iOS is a bad thing. As well, keeping the everyday user from being able to interact with lower-level systems is a mistake.

There are already at least 5 pieces of malware for Android and 2 for iOS that, once they have infected a device, leave the user no reliable way to clean it. Those unwanted programs simply hack beyond the user’s (or any legitimate app’s) permitted level of access. Which is why I’ve always advocated against such a “security” move in the first place.

I urge you, if you haven’t already, to invest a few bucks in mobile security and try to keep in mind its level of connectivity to your work and your private life. While I can help, I won’t advertise my services here, nor would I be upset if you chose not to consult me.

But it’s going to get worse. The worrisome trend that’s prompted me to act today is actually a downward trend in malicious activity targeted at the traditional web browser. Those “advanced persistent threat” actors are shifting attention towards mobile apps (the majority of which are already simply responsive websites bundled into a tiny package).

They’re not going to go away and while the security industry has a very large pool of talent, so too does the threat. And, if you haven’t noticed, too often the industry is stuck playing “catch up”.

You’d be prudent to allow new apps to be vetted and check reviews before installing. The official stores try their best to keep us from being exposed. But that’s just a never-ending game of cat and mouse. It’s already a mistake to depend on that filter.

The largest danger is always going to be a user simply being duped into installing something bad. So, like your desktop and laptop, if you did not intend to install or run something and it prompts you, make a habit of saying no. And, I’d urge you to find how that happened and block it.

There’s no reason to panic, but I felt a personal notice could potentially save some of my loved ones some pain. Thanks for your time and enjoy your weekend!

Stuart Gray

“Sniff packets, not glue.. ya bums.” – mootiny #unixpunx @EFnet
