Insecure Mobile Apps a Big Problem
IBM-sponsored research shows mobile app development is flawed. Big Blue now offers a new platform to help.
Many mobile apps are not properly scanned for security vulnerabilities before they become generally available, according to a new Ponemon Institute study sponsored by IBM.
As the world quickly moves to BYOD and mobile device use, 65 percent of the study's respondents agreed that the security of mobile apps is sometimes put at risk because of customer demand or need. The "rush to release" mobile apps due to such pressures is a challenge for security professionals, the report noted.
Cross-site scripting (XSS) is one of the top mobile development risks highlighted by the report, which surveyed 640 individuals who are involved in their organization's application development and security processes. Fifty-four percent of respondents said they expect insecure mobile apps will increase the incidence of XSS in the next 12 months.
Perhaps most surprising, 38 percent of respondents admitted that their organizations don't scan for mobile app vulnerabilities. Not coincidentally, the study found that only 14 percent of organizations have a high degree of confidence in their organization's ability to secure mobile apps.
Overall, a whopping 82 percent of respondents believe mobile apps have increased security risks for companies.
IBM is using the study data to validate the need for its new IBM MobileFirst Protect release. IBM MobileFirst Protect was formerly known as MaaS360 and is based on technology gained in IBM's acquisition of mobile security specialist Fiberlink.
It is available to both new and existing IBM customers without having to perform any upgrades, Jim Szafranski, VP, Mobile Management, IBM Security, told eSecurity Planet.
A key part of the upgraded product is the inclusion of advanced mobile threat management (MTM) technology.
"It’s a security product which analyzes the apps on a device and checks them for malware," Szafranski said. "It is similar to mobile device management (MDM), mobile content management (MCM) and mobile application management (MAM) being components of an enterprise mobile management (EMM) platform."
MobileFirst Protect is available via software-as-a-service (SaaS) and on-premises. It is deployed on smartphones and tablets to manage corporate and employee-owned devices. Users get started with a simple enrollment and app installation.
One of the major risks that all mobile users face is infection from malicious sites. To that end, MobileFirst Protect also provides a secure Web browser, which lets users connect securely to corporate resources without a device-level VPN.
MobileFirst Protect also includes technologies from the IBM Trusteer Mobile SDK, which includes device security checks for issues such as jailbreak/root, SMS listeners and malware.
"In addition, it protects the user by blocking known malware and malicious websites using a scanning engine and reputation database," Szafranski said.
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.