Saturday 23 August 2014

SECURITY CODES (PART 2)


Improve the Security of Your Mobile Applications




Mobile App and Mobile Code Security Risks

There are 2 main categories of mobile code security risks. The Malicious Functionality category lists unwanted and dangerous mobile code behaviors that are stealthily placed in a Trojan app that the user is tricked into installing. The user thinks they are installing a game or utility and instead gets hidden spyware, phishing UI, or unauthorized premium dialing.
A. Malicious Functionality
  1. Activity monitoring and data retrieval
  2. Unauthorized dialing, SMS, and payments
  3. Unauthorized network connectivity (exfiltration or command & control)
  4. UI Impersonation
  5. System modification (rootkit, APN proxy config)
  6. Logic or Time bomb
The Vulnerabilities category covers errors in design or implementation that expose the mobile device data to interception and retrieval by attackers. Mobile code security vulnerabilities can also expose the mobile device, or the cloud applications used from the device, to unauthorized access.
B. Vulnerabilities
  1. Sensitive data leakage (inadvertent or side channel)
  2. Unsafe sensitive data storage
  3. Unsafe sensitive data transmission
  4. Hardcoded password/keys
