Veracode, a leader in securing web, mobile and third-party applications for the world’s largest global enterprises, doesn’t like to gamble when it comes to security.
Now the company is issuing a warning that all those gaming and gambling apps on employee smartphones could be jeopardizing the security of company and personal information.
Analytics from its cloud-based platform shows that, based on its analysis of hundreds of thousands of scans of mobile apps installed in actual corporate environments, “the average global enterprise has multiple gambling apps installed in its mobile environment,” according to the report summary shared with mGamingWatch. “Many of these apps contain adware as well as critical vulnerabilities, such as weak encryption, enabling cyberattackers to gain access to contacts, emails, call history, and phone locations as well as to record phone conversations.”
It’s a problem in part because the use of mobile gambling applications is growing exponentially.
“Juniper Research estimates that smartphone and tablet owners will place upwards of $60 billion in bets by 2018 using casino-type gambling apps — roughly five times the current size of the overall mobile gaming market,” according to the report. “Another telling data point is that spending on casino and card games for Android was up 105 percent from November 2013 to November 2014.”
And guess what? Research firm Gartner estimates that 75 percent of mobile apps will fail basic security tests through 2015.
“While some of this is due to sloppy programming and the use of insecure open source and third-party libraries, cybercriminals and nation-states are also constantly looking to exploit insecure apps in order to steal corporate intellectual property, track high-profile individuals and/or dissidents, and insert aggressive adware for monetary gain,” Veracode asserts. “In addition, free apps typically incorporate advertising software development kits (SDKs) that monetize by sending user data such as identity and location to advertising servers located around the world.”
Veracode recently identified a number of unsafe slots, poker, blackjack and bingo apps, including examples of vulnerabilities and malware.
“Ten digital gambling apps — including Gold Fish Casino Slots, Jackpot Party Casino and Texas Poker — can read, write, and delete local files as well as directly access network functions such as creating connections to arbitrary servers and receiving data from any source.”
“Like it or not, corporate users are installing risky apps on their mobile devices, thereby increasing the attack surface and putting corporate data at risk as well as compromising the security of high-profile employees such as executives,” said Theodora Titonis, VP of mobile security at Veracode. “Manual approaches for addressing unsafe mobile apps, such as manual pen testing and manually-curated blacklists, are difficult to scale because of the sheer size, complexity and constantly-changing nature of the problem. As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps arbitrarily.”
The best bet? Don’t gamble on security, especially when there’s company data at stake.