Category: Mobile Security

McAfee report highlights risky applications and their impact on mobile security

Mobile applications are universally popular among mobile consumers. Nearly everyone that has a smart phone or tablet makes use of applications in some way, whether they be for browsing the Internet or checking email. Most of these applications are unassuming, offering simple services for literally nothing in return. A growing number of applications are becoming less altruistic, however, according to McAfee Labs, a leading security analysis firm. The firm has released its latest Mobile Security: McAfee Consumer Trends Report, detailing a troubling trend that has emerged in the mobile world.

Malicious apps find their way onto trusted marketplaces

McAfee notes that mobile platforms have become very attractive to hackers and other malicious groups that can exploit a person’s personal information. While applications have made the lives of consumers easier, they have also opened these consumers up to new threats that go mostly unnoticed. According to McAfee, more applications are being introduced to markets that contain multi-faceted scams, black market crimes, imbedded malware, and other threats. A significant number of these applications are finding their way to popular app stores, successfully sidestepping the security features that are meant to keep these marketplaces safe.

Education may be part of the problem

Education — or lack thereof — is part of the problem, according to McAfee. While many consumers have become more aware of the threats that exist in the world of mobile security, few understand exactly what these threats mean. Fewer still take steps to adequately protect themselves from these threats. Many consumers rely on large companies like Apple and Google to protect them from malicious attacks through various mobile security services offered by these companies, but the growing complexity and aggressiveness of these attacks is making it nearly impossible for such companies to stave off threats on their own.

Google Play reportedly falling prey to malicious groups

McAfee claims that hackers go through extraordinary efforts in order to insert their malicious application into trusted applications markets like Google Play. The firm notes that 75% of its McAfee Mobile users downloaded such applications from Google Play specifically. While Google regularly removes thousands of these applications from its marketplace, thousands more replace these applications on a nearly daily basis, making it difficult for Google to make significant headway concerning mobile security.

Instructions have been released to help to decrease the risk associated with transactions in certain areas.

The Payment Card Industry (PCI) Security Standards Council has just released new merchant guidance to help to increase the security available while accepting mobile payments, which is an inherently risky area.

It is recommended that card acquirers and issuers, and banking institutions should apply this guidance.

These types of institution should help to provide this mobile payments guidance while assisting merchants with security in end to end transactions. This, according to Steve Kenneally from the American Bankers Association Center for Regulatory Compliance. He added that “Shining a spotlight on the need to improve payment security is always a great idea.” And said that “Providing specific recommendations on how to achieve a higher level of security is even better.”

The mobile payments environment must be made secure before consumers can be ensured that it is safe.

Kenneally said that his organization anticipates that the PCI guidelines will be able to be used as an additional important tool that can be used by acquirers in order to boost the security of transactions through merchants.

Among the mobile payments security issues that were addressed within this new guidance from the PCI Council are the following:

• Account data entry risks connected with smartphones and tablets, including the information transmitted through the devices as well as the data that is stored within those gadgets.
• The procedures that should be followed by merchants in order to make certain of the security on a physical and transactional level with the devices that are used for the acceptance of the mobile payments.
• Instructions for the various components that should be applied to the acceptance of the transactions, such as software, hardware, and the use of various different acceptance solutions, in addition to considerations regarding the relationship with the customer him or herself.

The PCI guidelines, said Kenneally, take into account that some of the qualities that make accepting mobile payments as appealing to merchants as it is can also offer opportunities to fraudsters. Therefore, it is very important to take specific and careful action to avoid risks as much as is possible.