Security Market Segment LS
Monday, 25 November 2019 16:56

Mobile attackers aim at people, not their devices: claim

BlackBerry Cylance chief evangelist Brian Robison BlackBerry Cylance chief evangelist Brian Robison

Attackers are preying on users' assumption that legitimate app stores protect them from security issues, a security firm claims.

People are "cavalier" about mobile apps, BlackBerry Cylance chief evangelist Brian Robison told iTWire. They are happy to try them out, whereas they are much more cautious about installing software on their notebook and desktop systems.

Attackers are taking advantage of this false sense of security, which may have resulted from frequent admonishments to obtain software only from major app stores including Google Play and Apple's App Store.

App stores exist to protect their operators' revenue, not their customers' security, Robison argued.

The rules don't forbid malicious apps, so it is permissible for (eg) a flashlight app to ask permission to access contacts, location, microphone and so on.

"That's how we see these things [malicious apps] get on the public app stores... [they] meet the checkbox requirements," he said.

Another problem is that after being installed, apps can download 'data' that is actually code that changes their behaviour.

"Games do it all the time," explained Robison, but it can also be done with malicious intent. So an app can be benign when being checked by the app store operator, only to become a hazard after being installed on thousands or even millions of devices.

"The attackers are really good at attacking us as humans" by convincing us that the value of an app is so great that we will take risks such as sideloading apps or granting excessive rights to a newly-installed app (why does that flashlight app need to access the microphone?).

They are hacking us because it can be easier than hacking our devices, he observed. "We [users] have become so cavalier about our privacy that we are the biggest risk."

It's not just criminals who are taking advantage of such behaviour: "we're bugging ourselves" in a way that governments can exploit.

The trouble is, "we [security vendors] can't stop the user from doing things," because although sandboxing helps keep apps away from each others' data (and in the process "it creates really stupid interactions between apps") it also makes it impossible for security software to detect suspicious behaviour, as is commonly done by desktop security software.

Nor can security vendors offer tools to prevent the installation of apps that are known to be malicious. All they can really do is collect information and report on it.

So BlackBerry takes a different tack. one that's designed to protect corporate data. If a device is out of compliance (eg, the OS isn't up to date, or one or more known-bad apps are installed), corporate data protected by BlackBerry cannot be decrypted on that device.


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments