What Are Our Apps Really Doing? (Network Monitoring)

 
Apps, these tiny programs on Internet-connected mobile phones, are increasingly becoming entryways for surveillance and fraud. Hackers have become more aware of the ignorance of users when it comes to their personal information. Our apps are becoming increasingly personal, with links to bank accounts, credit cards, and all sorts of information at one's fingertips. It is easy to see why mobile phones would become a target for hackers.
Malicious software, often packaged as a useful utility, could be wreaking havoc on this personal information, all without you knowing. Computer scientists from the center for IT-Security, Privacy and Privacy, CISPA, have developed a program that can show users whether the apps on their smartphone are accessing private information and what they do with that data. This year, the researchers will present an improved version of their system again at the CeBIT computer fair in Hanover.
Network monitoring software will detect whether a data request is related to the subsequent transmission of data and will flag the code sequence in question as suspicious accordingly. Imagine that an app gains access to your address book, and suddenly, hundreds of lines of code later, without you noticing, your phone sends your contacts to an unknown website. This is just a small example of what apps could do, given the security vulnerabilities that exist.
Researchers from Bluebox Security claim to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into a trojan.
The core issue behind the network vulnerability revolves around how Android applications are verified and installed. Each application has a cryptographic signature, to ensure that the contents of an application have not been tampered with. The vulnerability, however, allows an attacker to change the contents of an application, but still leave the signature intact.
Apple’s iOS is also becoming a platform for intrusion. App developers typically build and test an app in beta mode on Apple’s iOS Developer Enterprise Program. It then goes through stringent tests by Apple for security before it is pushed out on the App Store.
Now hackers are creating apps through this program and sending them to people via text messages or emails as a link. When a user clicks the link, the malicious app is downloaded on their device.
Network monitoring and security has reached a pivotal point in our lives where it’s no longer optional. To make things a bit easier to decipher: only download apps from trusted and verified publishers. As mobile security expands, more and more options will be available for detection and prevention of security breaches.
 
By: Erica West, Support Engineer
http://www.sciencedaily.com/releases/2015/03/150310074103.htm
http://www.cnbc.com/id/102462850