Mobile phone users’ data at risk of attacks: McAfee

McAfee Labs reported that mobile malware samples grew 14 per cent during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates.

February 24, 2015 03:41 pm | Updated 03:41 pm IST - New Delhi

Most downloaded vulnerable app in this group is a mobile photo editor with between 100 million and 500 million downloads. File photo

Most downloaded vulnerable app in this group is a mobile photo editor with between 100 million and 500 million downloads. File photo

Cellphones with mobile applications could be potential target of cyber attacks globally and subscribers’ data including usernames and passwords are at risk, security software maker McAfee said on Tuesday.

The failure of mobile application developers to patch critical secure sockets layer (SSL) vulnerabilities could potentially impact millions of mobile phone users, according to McAfee Labs Threats Report: February 2015 .

It said that in September 2014, Computer Emergency Response Team (CERT) at Carnegie Mellon University released a list of vulnerable mobile applications and McAfee Labs in January tested the 25 most popular apps on the list.

During the tests, it was found that 18 have still not been patched despite public disclosure, vendor notification, and, in some cases, multiple version updates addressing concerns other than security.

The report said most downloaded vulnerable app in this group is a mobile photo editor with between 100 million and 500 million downloads. The app allows users to share photos on several social networks and cloud services.

“McAfee Labs researchers simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions. The vulnerable data included usernames and passwords and in some instances, login credentials from social networks and other third party services,” it said.

Although there is no evidence that these mobile apps have been exploited, the cumulative number of downloads for these apps ranges into the hundreds of millions, the report said.

“Given these numbers, McAfee Labs’ findings suggest that the choice by mobile app developers to not patch the SSL vulnerabilities has potentially put millions of users at risk of becoming targets of MITM attacks,” it added.

McAfee Labs also warned of increasingly aggressive potentially unwanted programs (PUPs) that change system settings and gather personal information without the knowledge of users.

McAfee Labs reported that mobile malware samples grew 14 per cent during the fourth quarter of 2014, with Asia and Africa registering the highest infection rates.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.