[ad_1]
Reports claiming that many apps distributed via the Apple App Store secretly leak user data should be a wake-up call for IT managers in the company. It signals a new front in the eternal enterprise security wars.
The business risk of personal data
In appearance, the extracted data is somehow … personal: the location, browser history, information of this type provide additional information about what individual users do. Why should this concern a company?
It's a rhetorical question, of course. Most business security professionals recognize that any form of data exfiltration is a global challenge.
As the security environment becomes more complex, criminals increasingly combine data from multiple sources to identify targets, identify individuals, and turn that knowledge into raw money.
We also know that Apple manufactures its platforms Safer, criminals who still choose to target the platform are becoming more and more sophisticated.
They will even pay $ 15 for Apple ID data and there is a huge online market for pre-built phishing and hacking tools. A survey conducted by Malwarebytes earlier this year said that malware attacks on Macs had increased by 270% in 2017.
Upgrading Threat Information
Wickie Fung of Palo Alto Networks warned: "Enterprises must insist on complete visibility of security in their environment, including users, applications, data and threats."
Staff should be aware of the risk of installing unapproved applications.
Organizations must implement procedures and protocols to protect against the installation of data exfiltration applications. They must also recognize that third-party applications that do things more efficiently than they provide themselves will be quickly secured. analysis.
It is also important to check whether existing threat intelligence systems are able to identify instances in which malicious applications secretly steal data.
The risks are real
Phishing attacks are much more effective if they are targeted precisely to users' habits – and users remain the weakest link in the security chain.
Criminals understand (as did Cambridge Analytica) that the value of data retrieved from multiple stacks of data far exceeds that of data contained in a single stack. Analysis systems make it possible to identify and militarize such data.
There is money in these practices and the potential to find information that can infiltrate otherwise robust computer systems, as demonstrated by a recent study on cybercrime by the School of Behavior and Social Sciences.
Information about a target's browsing habits can become a malware-infested message that is designed and customized to allow the end user to infect the end user's machine to compromise the security of the business .
Data responsibility
While it seems too practical that these revelations about a security flaw in the App Store model appear as Apple prepares to announce new mobile devices, it seems unwise to dismiss them.
It is also clear that even if the information tarnishes Apple's security model, other platforms will inevitably experience secret data entry via harmless applications.
Any responsible platform developer must already take strong measures to protect against this, including requiring that applications maintain a strict (and transparent) data protection policy, as Apple demands.
This thing matters. All applications recently identified as dishonest by Malwarebytes, the Sudo Security researcher and security researcher, Patrick Wardle, would (I think) violate the new data privacy rules that Apple is now emphasizing on developers.
Not only that, but the developers of these applications should have taken much more responsibility for all the data they chose to exfilter, under the new rules of Apple.
It is absolutely forbidden to take such information without the express consent of a user.
Apple CEO Tim Cook has often stressed that "privacy for us is a human right, a civil liberty."
Today, we should all recognize that the price of protecting these rights is eternal vigilance.
Honey traps for us
The applications involved in these practices should be considered as honey traps:
Adware Doctor, for example, promises something that users want – to eliminate unwanted online advertising, but fails to inform them that browsers' history will be secretly sent to unknown servers based in China.
The fact that the application is one of the best applications distributed on the App Store adds an additional layer of risk. We have all learned that apps distributed in the store tend to be reliable. Apple now needs much tougher security controls for all apps listed in the top 100 apps from all countries and stores in the future.
However, the company's security managers must also inform users of this new emerging risk on the App Store and advise against the installation of any relatively obscure application on any business device sure any platform, unless chosen from an approved list.
I mentioned gray computing: users will use third-party solutions if they are better or easier to use than the applications provided by the company. This means that the enterprise security team must evaluate and verify the security of the popular third-party applications used on their networks, as these applications will be used regardless of the number of published ratings. Best practice tips will be a much more effective response than the top-down warnings against using such applications.
Google+? If you're using social media and you're a Google+ user, why not join AppleHolic's Kool Aid Corner community and get involved in the conversation as we pursue the spirit of the new Apple model?
Do you have a story? Please leave me a message via Twitter and let me know. I would like you to choose to follow me on Twitter so that I can inform you of new articles that I publish and reports that I find.
[ad_2]
Source link
