FireEye Assessment of 7 Million iOS and Android Apps shows a disconcerting scenario

Pierluigi Paganini February 28, 2015

FireEye released a report containing the results of a comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps.

According to U.S. firm FireEye, more than five billion downloaded Android apps are vulnerable to cyber attacks due to the presence of security vulnerabilities in the Android OS.

Researchers at FireEye analyzed more than 7 million mobile apps on Android and Apple iOS between January and October 2014 discovering that 96 percent of malware target Google Android.

The experts sustain that it is common practice to trojanize legitimate app with any kind of malicious code, this process is quite easy the Android app due to open-source nature of Android OS.

“We reviewed popular apps (those with more than 50,000 downloads) to assess their exposure to the JBOH attack. Nearly a third, 31 percent, were vulnerable (see Figure 2). Of these JBOHvulnerable apps, 18 percent fell into categories with potentially sensitive data: finance, medical, communication, shopping, health, and productivity. ” states the “FireEye Mobile Threat Report.” 

Financial malware is the most popular type of malicious code targeting mobile users.

“You can get all the code and then you can insert additional instructions and make it look and feel like the original app and no way for a consumer to tell the difference when they download it,” Jason Steer, director of technology strategy at FireEye told CNBC by phone.

The number of malware that infected Android devices is passed from roughly 240,000 unique samples in 2013, up to more than 390,000 unique samples in the first three quarters of 2014.

Among these security issues, the principal problems are related to the lack of encryption for data transfer between the mobile apps and servers.

FireEye Report mobile assessment 2

Another source of problems for mobile users is represented by third-party advertising software used by many mobile apps to display ads. This software collects a huge amount of user’s data that usually transfer in an insecure way, leaving users open to cyber threats.

Android isn’t the unique mobile OS affected by security vulnerabilities, also Apple iOS is affected by serious flaws exploitable by hackers.

It is not only Android apps that are vulnerable, however. Cyber threat affecting iOS devices can be classified into the following categories:

  • Vulnerabilities and information leaks, especially from background apps
  • Public apps distributed through enterprise provisioning, also known as EnPublic apps
  • Malware

Researchers at FireEye verified that threat actors were able to compromise Apple devices with malware that are able to infect also non-jailbroken device.

FireEye explained that hackers are also overwhelming the stringent verification process implemented by Apple to deploy mobile applications in its official store.

In a common process iOS developers design their app in beta mode on Apple’s iOS Developer Enterprise Program, then the mobile applications is tested by Apple for security before it is deployed in the App Store.

The researchers highlighted that attackers are now creating malicious apps through the Apple program, then sending them to victims via text messages or emails as a link. When a user clicks the link the app the malware is installed in the targeted device.

“Attackers use undocumented APIs – which normally get an app rejected under Apple’s review process – for powerful attacks.” states the report.

Pierluigi Paganini

(Security Affairs –  mobile apps, FireEye)



you might also like

leave a comment