MOBILE THREAT LANDSCAPE. February 2018

Transcription

1 MOBILE THREAT LANDSCAPE February 2018

2 WHERE DO MOBILE THREATS COME FROM? In 2017, mobile applications have been a target of choice for hackers to access and steal data, with 86% of mobile threats coming from them, far ahead Network exploits and OS manipulations. Apps 86% Network 8% OS 6% This report gives an insight of the Mobile Threat Landscape currently surrounding us. It gathers the results of a research conducted by the Pradeo Lab in January 2018, based on a sample of 2 millions Android and ios Applications analyzed by Pradeo s Artificial Intelligence engine. (Based on a sample of 500,000 devices)

3 Applications can threaten users in two different ways: By performing malicious or unwanted actions By being vulnerable to attacks The next pages feature the top mobile threats with a focus on data privacy violations and malwares, followed by a risk analysis related to OWASP vulnerabilities. KEY TAKEAWAYS Mobile applications are a direct threat to companies GDPR compliance. 16.8% of applications establish connections to uncertified servers. Valuable data such as health and banking credentials are becoming a privileged target. 31% of applications feature an OWASP vulnerability.

4 WHAT MOBILE THREATS ARE WE EXPOSED TO? 60% 61% Data privacy violation is the biggest threat for mobile users, with 61% of Android applications and 36% of ios applications sending users data to remote servers. 50% 40% 30% 36% By collecting and transmitting private information, these leaky applications are a direct threat to companies compliance to the forthcoming GDPR. 20% 10% 0% Data leakage 13% Network exploit 7% 1% 0.1% 1% 0.2% OS manipulations Malwares On the other hand, malwares such as ransomwares, Trojans, screenloggers, etc. are far less numerous, yet more deadly.

5 On average, a leaky application sends data towards 17 distant servers. Most of the time, these sendings are performed by libraries included in mobile applications for tracking and marketing purposes. However, Pradeo identified that 16.8% of applications establish connections to uncertified servers, mostly suspicious. Among the data leaked, the Lab identified highly sensitive ones such as users location, contact information and SMS. FOCUS ON DATA LEAKAGE 47% are sending device information 28% are sending location information 4.6% are sending contacts information 3.5% are sending users SMS / MMS (Repartition among leaky applications)

6 FOCUS ON OVERLAY MALWARES Amount of overlay malwares among 0-days S S % 1% 2% 3% 4% 5% Categories of applications targeted by overlay malwares Banking 55% Health 28% Others 17% Malwares can be divided into two big families: the ones using known malicious signatures and those qualified as 0-day for which signatures have not been created yet. Unknown malwares are the most dangerous ones as standard security solutions will not detect them. Their proportion represents 9% among applications featuring a malware. The Pradeo Lab noticed in the last 6 months a considerable growth in the amount of overlay malwares falling under 0-day threats family. An overlay malware is designed to mimic legitimate applications to harvest credentials. It tricks users when entering sensitive data into a fake window, collecting and forwarding them to a remote attacker. Overlay malwares mostly target health and bank data and only affect Android devices. In the year to come, it is very likely mobile data thefts will increase in these industries.

7 OWASP VULNERABILITIES The OWASP Mobile Security Project classifies mobile security vulnerabilities to help developers building and maintaining secure mobile applications. 31% of applications feature an OWASP vulnerability The vulnerabilities detected can lead to: Any application that features an OWASP vulnerability is prone to attacks. 40% 47.6% Nearly a third of mobile applications analyzed by Pradeo are vulnerable, mostly to data leakage and Man-In-The-Middle attacks. 30% 20% 10% 0% 4.6% 3% 1.5% Data leakage MITM attack Denial of service Encryption weaknesses

8 ABOUT PRADEO Pradeo is a global company, leader in the mobile security field, offering innovative solutions to protect devices (smartphones, tablets and connected objects) and master applications. Pradeo s next generation technology, recognized by Gartner for the fourth consecutive year, provides a reliable detection of threats to prevent data leakage and enforce compliance with data privacy regulations. PRADEO SECURITY solution suite delivers complete and automatic services to detect and qualify suspicious activities and vulnerabilities and proactively protect devices, applications and sensitive data with a full 360 security approach. contact@pradeo.com Visit