Fake apps, mobile risks and vulnerabilities: How to protect your business
Whilst data breaches and security vulnerabilities are becoming everyday news stories, you have probably been looking for ways to assess your own organisation’s exposure to risk, as well as some key preventative measures you could take. Harry Stockbridge, one of O2’s Cyber Security experts, outlines how O2 can help.
On the face of it, 2018 appears to have been a year punctuated by a series of pretty serious mobile app breaches.
But for me and my colleagues in the IT industry, it doesn’t take public breaches like these to recognise that mobile application development requires a very serious focus on security. Mobile applications collect a tremendous amount of data from their users, whether it is data that users input knowingly or that they have consented to be collected by accepting the various terms and conditions that we all read so carefully. With every breach we are repeatedly reminded of just how valuable all this data is.
At the same time, organisations are using their mobile channels to connect in new and different ways with their customers and employees, resulting in the development of new applications for a range of business areas, geographies and services. It’s no wonder that organisations don’t always have a full view of all their apps and versions.
And that’s just official apps. What about the fake or copycat ones? We see brand abuse across many digital channels, and counterfeit apps continue to grow in number and sophistication, both in official and non-official app markets. Fake apps can be designed to harvest credentials, intercept critical information, generate revenue from ads, or infect devices. And with organisations releasing so many different applications, it’s no wonder we can be fooled into downloading an unofficial or malicious one.
So what can we do about it?
O2’s parent company, Telefonica, have developed a set of tools which can provide organisations with a real and updated view of the security status of their full mobile channel, giving them back the control they need. Part of our Persistent Vulnerability Assessment and Management Service (we call it VAMPS), these tools will automatically search and discover all of the published apps that are somehow related to an organisation, even fake or malicious ones that the organisation may be unaware of. With VAMPS we can also analyse apps in real time and identify new security vulnerabilities continuously, making them easier to address before they become an issue.
In one recent example, we worked with an organisation that had developed six official apps across two app stores. However, using VAMPS, we discovered a total of 32 apps across six app stores. Not only did we find critical vulnerabilities in a number of the fake and copycat apps, such as remote code execution, hardcoded internal domains and dangerous functionality checking, we also found them in some versions of the official ones. We were able to provide remediation advice for the vulnerabilities that we found, as well as assist with taking down the fake apps, protecting the organisation’s assets and brand.
This is just one example of how O2’s security experts provide organisations with visibility and insight into their risks and vulnerabilities. O2’s security experts also work with vulnerabilities in other assets, including infrastructure, systems, web applications and websites. In short, VAMPS delivers a global view of an organisation’s weaknesses, continuously managing the vulnerabilities that pose a security threat, across all areas of the business.
So how secure will your business be throughout 2019? For more information about ways O2 can help keep your business secure and manage your vulnerabilities, click here or contact firstname.lastname@example.org.