February 23, 2016 By Eitan Worcel 2 min read

Many experts say mobile devices such as smartphones and tablets will replace the PC. Some think this will take a matter of months; others would say a few years. I would argue that both camps are wrong: I believe it has already happened.

“But wait, Eitan! People are still using their laptops — they use them in their office, for doing homework, and you probably used one to write this blog post.” This is true. Like many others, I still use my laptop for work, writing papers or creating blog posts, but I use it much less than I did just a year ago.

The smartphone actually replaced many of my other products, not just the PC. It became my camera, MP3 player, portable video game console, newspaper — and for some, it even replaced the TV. This is why the idea of mobile first was so easily accepted in the industry and why everyone invests in building mobile apps for their business.

It gives you a lot of power when your application is installed on your consumer’s or employee’s phone, regardless of whether your app is focused on social, financial, e-commerce or even health care. Once you push a message, they will check it; most will even do it within minutes. They take your business everywhere.

With Great Power Comes Great Responsibility

If there is something you can be sure of in this industry, it is that the more successful you get and the more people use your application, the more cybercriminals will try to attack it. When your app gets compromised, your business can be catastrophically impacted. According to the “2015 Cost of Data Breach Study” from the Ponemon Institute, the average organizational cost of a data breach in 2015 was $3.8 million.

If a data breach isn’t bad enough, let me share another scary scenario: Vulnerabilities in your application can actually introduce additional risk to your users’ privacy. These vulnerabilities may allow a malicious attacker to take advantage of permissions given to your application to gain access to other areas of the phone. One can only imagine the reputational damage that a business will suffer if users’ private details and pictures are leaked out of their phones via an application flaw.

The Wild West of Mobile Application Security

Once you distribute your application through app stores, you’ve literally placed a part of your business in the hands of your consumers. You have allowed everyone to have access to your business. This is not the same as exposing your business via your company’s website, because a website is hosted in a centralized and trusted environment that is protected from unauthorized entities.

This new era allows cybercriminals to more easily get to your application’s code and analyze it to find vulnerabilities, making their work much simpler and increasing the risk to your organization. In fact, according to the “2016 State of Application Security” report, 90 percent of the 126 apps tested had at least two critical security vulnerabilities. This is a frightening statistic that reveals the urgency of mobile application security.
