Appthority Report Highlights Mobility Management Threats from Q2 of 2016
Appthority has released its Q2 2016 Enterprise Mobile Threat Report, with mobile app risk research from the Appthority Enterprise Mobile Threat Team (EMTT). The report analyzes the state of security in the Apple App Store, with details on the latest threats to reach it, and gives an expert review of Google's updated enterprise security toolset, Android for Work.
In the Q2 2016 Enterprise Mobile Threat Report the company gives a detailed view of the latest threats found in the App Store: JSPatch and AceDeceiver. JSPatch is an open source hot-patching framework that lets an app fetch JavaScript at runtime and use it to change the app's native Objective-C behaviour. Cyber criminals are using it as a backdoor to modify apps after Apple's review, exposing an enterprise to data leakage and privacy issues. AceDeceiver, a Trojan app that phishes for users' Apple ID username and password, was removed from the App Store after two months but remains as a "Dead App" on employee devices, where it increases enterprise risks of data leakage.
“Six security vulnerabilities have surfaced in the Apple App Store in the last seven months, meaning enterprises can no longer blindly trust Apple’s vetting process for apps and need to take additional steps to ensure they are not at risk,” said Robbie Forkish, vice president of engineering at Appthority. “Even as hundreds of infected apps are removed from the App Store, enterprises need an easy, quick way to identify and remediate infected apps, as well as other ‘Dead Apps’ in their enterprise environments.”
The report also reviews Google's new enterprise toolset, Android for Work. The EMTT found that while Android for Work takes steps to improve the security posture of Android in the enterprise, challenges remain. Most notably, because most Android devices run unpatched, outdated versions of the OS, security risk remains high even where Android for Work is deployed.
“Android for Work is a great step in the right direction by Google,” said Domingo Guerra, co-founder and president of Appthority, “but enterprises will need to go further. With only 4.6 percent of Android devices running Marshmallow six months post launch, security patches to known vulnerabilities are not making their way to the enterprise quickly enough. And to quickly and securely identify enterprise-safe apps and populate Work Profiles with them, IT and Security Administrators will still need an app risk management solution.”
Key findings from the Q2 2016 Appthority Enterprise Mobile Threat Report
Apps carrying the JSPatch backdoor are still being allowed into the official Apple App Store – More than 960 apps containing JSPatch were found on enterprise customer devices and in the official iTunes App Store. JSPatch increases enterprise data and privacy risk because it creates a backdoor through which bad actors can push app changes that enterprises are not aware of and which are never re-vetted by Apple.
The AceDeceiver Trojan app shows that phishing and “Dead Apps” are still real enterprise security concerns – The AceDeceiver trojan provides access to a third-party or rogue app store and leverages security flaws in Apple’s FairPlay DRM technology to install itself onto non-jailbroken devices without any warning to the user. The AceDeceiver Trojan also acts as a phishing attack, asking the user for his or her Apple ID and password. The credentials are then sent to the attackers in China. The trojanized apps were live in the App Store for over two months, and apps infected with the Trojan are still found on enterprise devices today.
Android for Work improves the enterprise experience, but low OS upgrade rates leave organizations at risk – IT-administered Work Profiles could prove helpful, new VPN functionality helps prevent corporate data leakage, and overall security improvements all make Android more attractive for enterprise use. But with most devices not running the latest Android software, risk remains high.
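The report's first finding counts apps that contain JSPatch; the practical question for an IT or security team is how to find those apps on their own devices. The following is an added example, not Appthority's tooling or code from the report, that scans an unpacked iOS .app bundle for Mach-O binaries carrying JSPatch indicator strings. The indicator strings (`JPEngine`, the framework's main Objective-C class, `JSPatch`, and the `evaluateScript` selector) are drawn from the public JSPatch source and should be treated as assumptions to be extended with your own findings; the sample bundle it builds is constructed test data, not a real app.

```python
import os
import tempfile

# Indicator strings for JSPatch, taken from the public JSPatch source
# (assumption: a build that ships JSPatch keeps these symbol names).
JSPATCH_INDICATORS = (b"JPEngine", b"JSPatch", b"evaluateScript")

# Mach-O magic numbers: 32/64-bit, both byte orders, plus fat (universal) binaries.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",
}


def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS


def scan_binary(path):
    """Return the set of JSPatch indicator strings present in one binary."""
    with open(path, "rb") as f:
        data = f.read()
    return {ind.decode() for ind in JSPATCH_INDICATORS if ind in data}


def scan_app_bundle(bundle_dir):
    """Walk an unpacked .app bundle and return {relative_path: [indicators]}
    for every Mach-O file (main executable, embedded frameworks, app
    extensions) that carries JSPatch strings. Empty dict means no hit."""
    hits = {}
    for root, _dirs, files in os.walk(bundle_dir):
        for name in files:
            full = os.path.join(root, name)
            try:
                if not is_macho(full):
                    continue  # plists, images, nibs etc. are skipped
            except OSError:
                continue  # unreadable file; skip rather than abort the scan
            found = scan_binary(full)
            if found:
                hits[os.path.relpath(full, bundle_dir)] = sorted(found)
    return hits


def build_sample_bundle(base_dir):
    """Constructed sample data: a clean main executable plus an embedded
    framework whose binary carries JSPatch symbols. Not a real app."""
    app = os.path.join(base_dir, "Example.app")
    fw = os.path.join(app, "Frameworks", "JSPatch.framework")
    os.makedirs(fw)
    macho64_le = b"\xcf\xfa\xed\xfe" + b"\x00" * 28  # fake 64-bit header
    with open(os.path.join(app, "Example"), "wb") as f:
        f.write(macho64_le + b"UIApplicationMain\x00")
    with open(os.path.join(fw, "JSPatch"), "wb") as f:
        f.write(macho64_le + b"JPEngine\x00evaluateScript:\x00")
    with open(os.path.join(app, "Info.plist"), "wb") as f:
        f.write(b"<plist/>")  # not Mach-O, so never scanned
    return app


def demo():
    """Build the sample bundle in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_app_bundle(build_sample_bundle(tmp))


if __name__ == "__main__":
    for path, indicators in demo().items():
        print(f"{path}: {', '.join(indicators)}")
```

Run against a real bundle with `scan_app_bundle("/path/to/Unpacked.app")` after decrypting and unzipping the IPA. A raw string match is a first pass only: it reports that JSPatch is linked, which is the report's own criterion, but says nothing about whether the app actually fetches scripts from a server, and a binary with stripped or renamed symbols would be missed. Parsing the Objective-C class list and watching for script downloads at runtime are the follow-up checks.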