McAfee Labs Threats Report: Mobile Apps Suffer From SSL Vulnerabilites

Without you knowing about it, your smartphone could be prone to security attacks where malicious apps are able to change system settings and even gather your personal information. The February edition of McAfee Labs Threats Report was released by Intel Security and it revealed that developers have been neglecting the security feature implementation in mobile apps making them susceptible to secure sockets layer (SSL) vulnerabilities. The report suggests that aggressive potentially unwanted programs (PUPs) are spreading like wildfire. The team of researchers at McAfee Labs believes that if mobile app developers had paid attention to implementing the critical SSL patch, problems such as improper digital certificate chain validation, would not have occurred.

Last month, the McAfee researchers put 25 most popular apps from CERT’s list of vulnerable mobile applications on their radar and found that 18 of them did not have the most important security patches even after releasing multiple updates. The McAfee team created a simulation of several man-in-the-middle (MITM) attacks and they were able to extract critical information such as user's passwords and other login credentials easily.

mcafee-labs-threats-report

Though the team has no information about mobile apps being exploited in reality, since the number of downloads on these apps exceeds millions, being prone to SSL vulnerabilities puts them all at risk. You would agree with us when we say that the numbers shared in the Threats Report are really alarming. For instance, it says that mobile malware sample have grown to 14% in the last quarter of 2014 alone and there are more than 91 million systems having PUPs. On one hand, there's ransomware growing to 155% in 2014's fourth quarter, on the other there's more than 380 samples of malware being detected every minute by the team at McAfee Labs.

The report also talks about the Angler exploit kit, which very quickly succeeded the Blacole exploit kit after the latter’s creator was arrested in late 2013. Angler is even more powerful and prevalent than Blacole. And because Angler is simple to use and widely available through online dark markets, it has become a preferred method to transport malware.

What are thoughts about security risks presented in the McAfee Labs Threats Report? Share with us in comments below.

Source: #-Link-Snipped-#

Replies

You are reading an archived discussion.

Related Posts

The big daddy of smartwatches is back in a new avatar. Pebble Technologies has announced and begun the crowd funding of its new smartwatch. The new smartwatch titled Pebble Time...
Project Abstract / Summary : ARCHAEOPTERYX- A Modern UMS Do we ever think about the soldiers who are sacrificing their lives for our country ? Are our brothers really safe...
Project Abstract / Summary : Potable (i.e., drinking) Water is a necessity to which millions of people throughout the world have limited access. Water is often seen as the most...
Project Abstract / Summary : The aim of the overall system is to provide a low cost and efficient navigation aid for blind which gives a sense of artificial vision...
iRepair India was founded in 2008 by Harsha P J, Ajay Hedge and Suneil Gupta. iRepair is a Consumer Electronics company that provides professional repair services for portable electronics. They...