Study Suggests ‘Vulnerable’ Apps Could Be More Common Than People Think
Businesses don’t want to stop users from accessing apps that will aid their jobs or make their devices more usable. It’s also not practical for most businesses to analyse and whitelist apps.
A recent BBC report highlights the importance of defending mobile devices that can access corporate data from not just obviously rogue apps (e.g. blocking sideloading) but also seemingly ‘good’ apps that may contain recycled code.
The write-up goes on to report that a team of computer scientists looked at more than 72,000 chunks of code found on the Stack Overflow website. The site is popular with developers seeking advice on the best way to fix broken code.
But researchers found many of the most copied snippets lacked basic checks that would stop common attacks. The dangerous code chunks often used obsolete functions, did little to check user responses and did not look for attempts to break the application, said the study.
Researchers scanned through a website where many developers upload and share the code behind their apps and programmes. The most widely used insecure code blocks turned up in more than 2,800 separate projects on the GitHub website. The team, involving experts at Canadian and Iranian universities, focused on the C++ programming language, which is used in a huge variety of projects, from small programs to large distributed systems. The researchers told those they found using the problematic code chunks on GitHub that they may have introduced security risks into their apps and programmes.
Only 13% of the developers contacted said they had fixed the code. A similar number declined to fix the bugs. Some 40% said the code was safe because users could not change it once an app was running.
AVR Support Manager Chris Knight comments,
“No one would dream of allowing a traditional Windows endpoint to access corporate data without adequate AV, and the same attitude should be applied to all mobile devices. A well-configured MDM coupled with an MTD solution will provide the protection required. AVR has helped some high-profile customers like VWG secure their mobile estate.”
The sheer number of mobile apps can be a nightmare for most businesses. For VWG Head Office staff, AVR has deployed a solution (MobileIron and Lookout) across over 1500 mobile devices that constantly analyses all apps installed on all devices and mitigates any threat by removing access to corporate data. You can find out more here.