Android Malware Threatens Business

Android malware developed for profit continues to increase, according to data and research on more than 2.5 million mobile apps gathered by the Pulse Secure Mobile Threat Center research facility. The company’s recently released 2014 Threat Report shows that nearly one million unique malicious applications were produced, a 391% increase from 2013 alone.

Additionally, the Mobile Threat Center reported a significant growth in Android malware, which currently makes up 97% of all mobile malware developed. In 2014 alone, there were 1,268 known families of Android malware—an increase of 464 from 2013 and 1,030 from 2012.

Top Threats
The ability to take profit from an end user with SMS premium services or ad networks is a capability of each of the top 10 malware threats identified in 2014, with the overwhelming majority of Android malware being developed and distributed in unregulated third party app stores in the Middle East and Asia.

“A perfect storm of unsecure, out-of-date, low-end devices connecting to popular third party app stores in densely populated areas, that are encountering one malicious application in every 20 applications being browsed and downloaded, now exists in the Android ecosystem,” states the report.

However, it also goes on to say that Google has gone to great lengths to mitigate Android threats by acquiring several different technologies and building a background review process for applications. According to Pulse Secure, the Android Play Store is almost entirely free of malicious applications and the Android Security Team continues to work to make it more difficult for malicious applications to get into the ecosystem.

Eyeing Apple
Still, that does not lessen the need for users or businesses to be ever vigilant. Apple devices are not immune either. The report points out that it is difficult, but possible, to get malicious applications through the rigorous review process that guards the walls of the Apple App Store, but the process has remained elusive enough that average malware developers are not interested in doing the “heavy lifting” to get their malicious apps into the “walled garden.”

iOS is still considered to be secure, from a malware perspective, when users continue to download from the official App Store. However, there were four iOS-targeted attacks in 2014 according to the report, albeit most went after jailbroken devices. Additionally, WireLurker is the first example of a non-jailbroken iOS device being infected by tethering to an infected Mac device.

Enterprise Vulnerabilities
The study also shows that corporate networks and enterprise environments are attractive targets to global cyber thieves. Criminal organizations have expanded their revenue streams by building networks of code and app developers that target both consumers and enterprises.

In many cases, companies have become easier targets due to BYOD. And though organizations have attempted to embrace personal device use through MDM suites or other solution platforms, they are being met with resistance from users who don’t want to fall under the control of enterprise administrators.

“Enterprise networks, while continually hardened at the perimeter, need to apply mobile security controls to appropriately deal with the ever increasing BYOD push coming from employees,” said Troy Vennon, director of the Pulse Secure Mobile Threat Center and author of the report. “The focus on Android and jailbroken iOS devices by mobile malware developers illustrates that they are actively attempting to exploit mobile devices as the weak link in enterprise security.”

He expects to see a continued shift from enterprises trying to manage and secure an entire device to an approach that utilizes workspaces to secure only portions of the device that access and store corporate data. Users must also be better educated to understand third-party threats and should stick to trusted sources for downloading apps.

The Latest Mobile Testing News department was not involved in the creation of this content.


The Austin, Texas-based mobile authentication startup Toopher announced on its website Wednesday (April 1) that it has been acquired by CRM giant Salesforce. As part of the announcement — which appears to now comprise the entirety of Toopher’s standalone site — the company let it be known that it has ceased its sales operations effective immediately.

The missive, attributed to Toopher co-founders Josh Alexander and Evan Grim, reads in part: “While we will no longer sell our current products, we are thrilled to join Salesforce, where we’ll work on delivering the Toopher vision on a much larger scale as part of the world’s [No. 1] Cloud Platform. We can’t imagine a better team, technology and set of values with which to align.”

With the acquisition of Toopher, Salesforce adds to its technology repository mobile-based two-factor authentication that utilizes location awareness for enhanced security.

“Salesforce’s acquisition of Toopher’s modern authentication capabilities makes sense when considering the fast-growing Identity Management as a Service (IDaaS) market,” said Mark Diodati, research vice president at Gartner, according to ZDNet. “These capabilities are considered ‘table stakes,’ so having them will enhance Salesforce’s competitive capabilities.”

The pickup of Toopher is the latest in a series of moves by Salesforce that expand its security-centric options. In October, the company released Login Flows, which lets system administrators develop unique post-authentication processes; it also participated in the development of OpenID Connect, another authentication protocol.

Source: PTI


Android malware reduced by 50% says Google

WASHINGTON: Google has said that malware infections on Android devices have been cut in half in the past year following security upgrades for the mobile platform.

In a security review for 2014, Google said it made significant strides for the platform long seen as weak on security.

Android security engineer Adrian Ludwig said in a blog post that the overall worldwide rate of potentially harmful applications installed dropped by nearly 50% between the first quarter and the fourth quarter of the year.

Ludwig noted over one billion Android devices in use worldwide have security through Google Play “which conducts 200 million security scans of devices per day” and that fewer than one percent of the devices had potentially harmful apps installed in 2014.

For those devices which only use Google Play apps, the rate of potentially malicious apps was less than 0.15%, Google said.

The report noted that Android got several security upgrades in 2014, including improved encryption and better detection tools for malware.

Android has long been seen as vulnerable to malware because it is an open platform and many devices run older versions of the mobile operating system.

But Google’s report said its review “does not show any evidence of widespread exploitation of Android devices.”

“We want to ensure that Android is a safe place, and this report has helped us take a look at how we did in the past year, and what we can still improve on,” Ludwig said.

“In 2015, we have already announced that we are being even more proactive in reviewing applications for all types of policy violations within Google Play. Outside of Google Play, we have also increased our efforts to enhance protections for specific higher-risk devices and regions.”

Android is used on around 80% of the smartphones globally, but its popularity has also made it a magnet for malware.

Source: PTI


Israel’s Lacoon Mobile Security acquired by Check Point for a reported $100 million

Israel’s Lacoon Mobile Security announced on Thursday that it has been acquired by Israeli data security firm Check Point Software Technologies. The purchase price is estimated to be $100 million. The deal will be completed in the next few days, with all 40 of Lacoon’s employees finding a home at Check Point.

Lacoon offers real-time security for Android and iOS business users. After installing the app, which runs in the background of your machine, users are protected from zero-day attacks, remote takeovers, takeover of apps, data theft and of course any attempt to harm the user or their data.

The company’s product has two aspects. The first is security at the level of the organizational network and monitoring data that enters and exits the network in an attempt to detect unusual patterns. The second aspect is located directly on the cellular network of the operator.

About Lacoon

Lacoon Mobile Security was founded in 2011 by Emanuel Avner, Ohad Bobrov and Michael Shaulov. All three were experienced in the field of cybersecurity, and they founded Lacoon to address the pain point of mobile devices, which are particularly vulnerable to attack. Today the company is considered to be a world leader in protecting business smartphones from cyber attacks.

So far, the company has raised $11 million. The shareholders include the three founders, who are entitled to 30 percent, investors Shlom Kramer, Amichai Shulman and Rakesh K. Loonkar who get 35 percent, and finally Index Ventures, which gets 20 percent.

The company’s 40 employees own another 15 percent of the shares. Among the company’s prominent customers are Samsung, the Israel Police and credit card companies. Lacoon has offices in San Francisco, New York, London and Tel Aviv.

A spokesperson for Lacoon said in a statement, “This sale of the company to Check Point will allow it to quickly grow to respond to the growing need for smartphone security. Lacoon has the potential to protect all smartphones in every business in the world. Acquiring Lacoon will help Check Point lead the mobile protection market and position it as a dominant player in the field.”

Simona Weinglass translated the original Hebrew article. 


TRA’s new service to improve mobile security

The UAE’s Telecommunication Regulatory Authority has launched a new service aiming to improve mobile phone security.

The new ‘Secure your mobile phone’ campaign was launched by TRA in partnership with Etisalat and Du and is the first of its kind in the region.

Owners of mobile phones can now disconnect their device as soon as they report that it has been stolen or lost.

After they report loss or theft, both Du and Etisalat will block service from the mobile phone so that it will not be able to send or receive calls and messages from that device.

Saif bin Ghalitah, head of Technological Development Department at TRA, said UAE leads the region in terms of number of smart phone users.

“We are aware of the user’s dependence on their mobile phones because they do most of their work through their phones. Thus, the new service will allow them to secure their mobile phones if they are stolen or lost,” he said.

He added that the device will be blocked within 48 hours of the report free of charge, and if the owner of the mobile phone finds his device, the block will also be removed after reporting it within 48 hours free of charge.



5 testing suites to secure your enterprise’s mobile app

Make sure your mobile offering is secure with CBR’s list of security tools.

In an age where every enterprise needs to put out an app just to keep up, security is becoming a hotter issue every day. CBR rounds up solutions to ensure your app is safe and secure.

1. HP Fortify Static Code Analyzer

The solution from the multinational IT giant verifies whether software is trustworthy by scanning the source code to identify the root causes of its security vulnerabilities.

The system provides line-of-code guidance for closing gaps in the app’s security. To ensure that the most serious issues with your code are dealt with, it correlates and prioritises its findings to deliver a risk-ranked list of issues.

2. Veracode

Veracode’s on-demand software-as-a-service solution helps developers to test and rate their potential purchases, find flaws in applications developed with partners and evaluate the code that might be acquired in a commercial deal.

The cloud-based platform provides a simple and centralised way to secure applications throughout the whole development and production process. The company’s remediation reports take businesses’ objectives and risk levels into account to help them develop a plan of action.

3. NowSecure App Testing Suite

NowSecure specialise in attacking systems and homing in on their weaknesses. Last year they found two vulnerabilities affecting Samsung devices and advised Samsung on a patch that addressed them.

In the app space, the NowSecure App Testing suite tests every component of an application with forensic analysis, code analysis, and network analysis and provides automated findings. The developer is then provided with results in a customisable report.

4. Checkmarx CxSuite

This solution identifies, tracks and fixes technical and logical security flaws in the source code, supporting a range of vulnerability categories, operating systems and programming languages.

Auditors can test code at the earliest stages of the Software Development Life Cycle. The suite got recognised as a “Visionary” technology in Gartner’s Static Application Security Testing magic quadrant.

5. Burp Suite

The provocatively titled Burp Suite is an integrated platform for security testing web applications. The programme contains an intercepting Proxy to inspect and modify traffic between the browser and application, allowing you to map and analyse an application’s potential vulnerabilities. The system is highly configurable and suitable for first-time users.

