Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 3 July, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Gamers Giving Away More Than Their High Scores

by The Gurus
November 17, 2016
in Editor's News
Share on FacebookShare on Twitter

Millions of mobile app gamers are putting themselves at risk of social engineering by voluntarily allowing apps from official play stores to access, and in some cases control, their devices.
A study conducted by AppRiver, the cloud-based email and Web security specialist, found that the top games listed in Google’s Play Store – which have had millions of global downloads – demand permissions for full network access and read the contents of storage. This type of information if accessed by hackers, or even legitimately collected by criminals, can be used to create tailored scams that are will spoof even the most security savvy individuals.
Looking at the some of the more invasive permissions, and whilst there is the option for ‘approx. Location – network based’, some apps insist on ‘precise location (GPS and network based)’. While this might be expected for games, such as Pokemon Go, this was a requisite for apps that don’t necessarily need to know where the player is  – such as Mobile Strike and Game of War.
Even if users check the fine print on installation, all apps include the disclaimer: “Updates to [INSERT NAME OF APP] may automatically add additional capabilities within each group.” This means that, even if you look at the Ts&Cs and agree with them, they can be changed without your knowledge. This potentially presents a big security risk as all apps had at least one condition labelled ‘other’, that includes ‘full network access,’ ‘control near field communication,’ ‘run at startup,’ ‘draw over other apps,’ ‘control flashlight’ and more.
Troy Gill, manager of security research at AppRiver, said: “With advances in technology, the money moved online and criminals simply followed. With the constant evolution of IT security enhancements, many of the virtual ways in are being systematically sealed with criminals looking for new ways to socially engineer their attacks and liberate the funds. What better way than collecting information that is given voluntarily?”
Other anomalies and abuse of permissions identified by the research include:

  • YouTube personality Felix “PewDiePie” Kjellberg’s app PewDiePie’s Tuber Simulator has racked up millions of downloads in recent weeks, and lets you seek success by creating your own viral videos. The app demands 15 permissions, including ‘full network access’
  • Rolling Sky demands 13 permissions including the ability to ‘read the contents of and modify or delete the contents of USB storage’
  • Shuffle cats has the ability to prevent the device from sleeping
  • FIFA Mobile Soccer has the ability to ‘use accounts on the device’

Jim Tyer, EMEA channel director, concludes, “We know criminals are collecting information from social network sites, such as Facebook and LinkedIn, to launch targeted attacks and this is potentially another avenue for them to exploit. Businesses need to carefully evaluate their policies and consider the introduction of both formal, or perhaps informal, rules about the use of company-owned equipment. The challenge is ownership of the devices connecting and extending the corporate boundaries, as the lines between what’s perceived as business and individual ownership becomes increasingly blurred. Organisations must introduce effective technical safeguards that prevent apps from accessing company networks and data at the very least. In tandem, user education is critical so that employees are not just aware but fully comprehend the potential hazards of social engineering and how it can be used to launch attacks against the company. It’s unlikely that everyone is going to start carefully reading Ts & Cs, but knowing this information might be used against them could encourage workers to be more vigilant when clicking yes.”
While this research looked specifically at Google Play Store’s ranked apps, those listed in Apple’s iTunes and Amazon’s Appstore all contain the same permissions.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Trump cyber security team, policy slow to take shape – officials

Next Post

A checklist to guard against cybercrime

Recent News

A Vulnerability Management Program is Nothing Without Identity Risk Protection

A Vulnerability Management Program is Nothing Without Identity Risk Protection

July 1, 2022
SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks

A Research of Threat Actor Activity & Myths Busted by Cato Networks

July 1, 2022
SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks

SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks

July 1, 2022
Over a Decade in Software Security: What Have We learned?

Over a Decade in Software Security: What Have We learned?

July 1, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information