Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Spyware Vulnerability Warning on Smartphones

Veracode : 12 March, 2010  (Technical Article)
Mobile phone applications could be used as vehicle for downloading spyware warns Veracode in the wake of high profile mobile phone stalking case
With the recent headline-grabbing story about a stalker who hijacked his ex-girlfriend's cell phone for three years (story), Veracode's CTO Chris Wysopal warns that greater threats are lurking beyond spyware intentionally installed by someone you know. According to Wysopal, "the more insidious story is that a user could easily download an application innocently - a game, a social media app, or a banking or shopping app - that subsequently installs similar spyware."

This "innocent" downloading is exactly why application providers and app stores need to provide independent proof that their software doesn't behave inappropriately or have vulnerabilities that can be exploited by malware. Unfortunately, many consumers have a false sense of security, assuming that everything in official app stores must be trustworthy. That simply isn't the case.

The Veracode team has witnessed first-hand how an application developer, with just a few days of work, can incorporate spyware behavior in a legitimate application. With this most recent cell phone stalker story coming on the heels of concerns associated with apps like Storm8, 09Droid and Symbian Sexy Space, we are only at the tip of the iceberg. "The industry should use examples like these to hold application providers' feet to the fire so we don't allow what's happened to the PC to happen on cell phones," continued Wysopal.

To gain a better understanding of the reality of these threats, Tyler Shields, a senior security researcher with Veracode, recently gave a presentation at ShmooCon 2010 to raise awareness about the threats of mobile spyware, particularly as it relates to data privacy. One of the goals was to demonstrate how mobile applications can access and leak sensitive information, using only the provider's APIs and no trickery or exploits of any sort.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo