Burlington, MA – March 10, 2010 – With the recent headline-grabbing story about a stalker who hijacked his ex-girlfriend’s cell phone for three years, Veracode’s CTO Chris Wysopal warns that greater threats are lurking beyond spyware intentionally installed by someone you know. According to Wysopal, “the more insidious story is that a user could easily download an application innocently – a game, a social media app, or a banking or shopping app – that subsequently installs similar spyware.”
This “innocent” downloading is exactly why application providers and app stores need to provide independent proof that their software doesn’t behave inappropriately or have vulnerabilities that can be exploited by malware. Unfortunately, many consumers have a false sense of security, assuming that everything in official app stores must be trustworthy. That simply isn’t the case.
The Veracode team has witnessed first-hand how an application developer, with just a few days of work, can incorporate spyware behavior in a legitimate application. With this most recent cell phone stalker story coming on the heels of concerns associated with apps like Storm8, 09Droid and Symbian Sexy Space, we are only at the tip of the iceberg. “The industry should use examples like these to hold application providers’ feet to the fire so we don’t allow what’s happened to the PC to happen on cell phones,” continued Wysopal.
To gain a better understanding of the reality of these threats, Tyler Shields, a senior security researcher with Veracode, recently gave a presentation at ShmooCon 2010 to raise awareness about the threats of mobile spyware, particularly as it relates to data privacy. One of the goals was to demonstrate how mobile applications can access and leak sensitive information, using only the provider’s APIs and no trickery or exploits of any sort. View the presentation on Veracode’s blog here: http://www.veracode.com/blog/2010/02/is-your-blackberry-app-spying-on-you/
If you are interested in speaking with Chris Wysopal about emerging mobile application threats, and what users and corporations can do to protect themselves, please contact Liz Campbell at veracode@famapr.com or +1 617-758-4149.
About Veracode
Veracode is the world’s leader in cloud-based application risk management. With patented binary code analysis, dynamic web assessments, and partner- or Veracode-delivered manual penetration testing, combined with developer e-learning and access to open source security ratings, Veracode SecurityReview allows you to independently verify application security in both internally developed applications and third-party software without requiring source code or expensive tools. Veracode provides the simplest, most complete, and most accurate way to implement security best practices, reduce operational cost and comply with internal security policies or external standards such as OWASP Top 10, CWE/SANS Top 25 and PCI. Recognized as a Gartner “Cool Vendor,” The Wall Street Journal’s “Technology Innovation Award,” The Banker’s “Information Security Project of the Year” with Barclays, SC Magazine’s “Best Vulnerability Assessment Solution,” Information Security “Readers’ Choice Award,” and AlwaysOn Northeast’s “Top 100 Private Company,” Veracode is Software Security Simplified™. For more information, visit http://www.veracode.com/.
Media Contact:
Liz Campbell
fama PR
phone: +1 617-758-4149
email: veracode@famapr.com