The proliferation of mobile devices accessing agency networks, including employees’ personal smartphones and tablets, offers a prosperous playground to hackers.
The Peel Smart Remote app is a widely used Google Play application (100M+ installs) that has often made the news because of its highly intrusive behaviors, such as full screen overlays and untimely advertising, causing poor user experience.
Last week, the Pradeo Security engine alerted its users about severe security issues discovered in the app’s 10.7.3.3 version. It has been found that the application collects and leaks users’ pictures to a server that does not belong to the app publisher. Last Friday, the application was updated on the Google Play store (now version 10.7.4.2), the leaky behavior has been removed from the code but yet no communication was made by the company on this matter. Because applications’ update is not automatic on all Android devices, millions of users running the former version of the app are still currently exposed.
Applications have won mobile, that’s no longer news. As most organizations leverage mobile apps to enhance their users’ online experience, the whole mobile ecosystem is evolving accordingly. Cybercriminals and greedy individuals see in applications a surface to make money out of. Governments see in this surface a big risk for data privacy. Users trust in companies’ capacity to keep their information safe.
Maintaining a safe digital framework can be a tricky task for large organizations’ IT teams. To help them, some solutions such as security information and event management (SIEM) softwares are specifically designed to group and analyze large amounts of data and make them comprehensible at a human scale. By relying on these capabilities, a SIEM can alert on suspicious and potentially illegitimate behaviors, providing security heads with visibility in a security context.
Nowadays, the vast majority of employees is using smartphones or tablets as part of their work. Those devices, whether they are corporate (COPE) or personal (BYOD), are a gateway to organizations information systems.