Mobile Threat Monday: Smurfs 2, Black Hat, and Beyond
Just because practically the entire infosec community decamped to Las Vegas for the annual Black Hat security conference and DEF CON hacker jamboree last week does not mean we can stop worrying about malicious mobile apps.
From Black Hat
In fact, Android security was front and center at the conference as BlueBox Security CTO Jeff Forristal disclosed details of not one, but multiple "master key" flaws in the Android operating system. A key takeaway to his talk was the fact that just telling users to turn off the ability to install apps from third-party sources is not practical.
In fact, Android security was front and center at the conference as BlueBox Security CTO Jeff Forristal disclosed details of not one, but multiple "master key" flaws in the Android operating system. A key takeaway to his talk was the fact that just telling users to turn off the ability to install apps from third-party sources is not practical.
"As far as Google is concerned, the Amazon App Store is a third-party marketplace," Forristal said. If your organization has its own app store to provide IT-approved apps, that is also a different source. Third-party sites aren't necessarily always dodgy forums or sites with pirated apps. This makes staying safe a bit more challenging: do we go all-Google or do we take the risk that dangerous Android apps can get installed from unknown sources?
Read More [Source]
No comments:
Post a Comment