Menu
Employees put business data at risk by installing gambling apps on their phones

Employees put business data at risk by installing gambling apps on their phones

Some companies have as many as 35 such apps in their environments, a study found

If you work for a large, global company, chances are some of your peers have installed gambling apps on the mobile devices they use for work, and that's bad news for IT security.

A study has found that the average company has more than one such gambling application in some employee devices, putting corporate data stored on those devices at risk.

The analysis was performed by security firm Veracode, which scanned hundreds of thousands of mobile apps installed in corporate mobile environments. The study found that some companies had as many as 35 mobile gambling apps on their network environment.

The company tested some of the most popular gambling apps it detected in corporate environments for potential security risks and found critical vulnerabilities that could enable hackers to gain access to a phone's contacts, emails, call history and location data, as well as to record conversations.

For example, one casino app contained code for checking if the device was rooted or jailbroken, which could give the app unfettered access to the device. The app already had the capability to record audio and video and access user identity information, but on top of that it was also vulnerable to man-in-the-middle attacks that could allow hackers to sniff or alter its communications, the Veracode researchers said.

Another slots app didn't use encryption when communicating with its back-end servers, allowing potential attackers to intercept its traffic and extract user demographic data like gender and birthday.

Ironically, the app downloaded 24 megabytes of encrypted data from servers outside the U.S., without the user's permission, the researchers said.

Ten other gambling apps had access to read, write and delete local files as well as to open network communications with arbitrary servers, a possibly risky activity in a tightly-controlled corporate network environment.

Veracode did not say which gambling app had specific vulnerabilities, but the apps it tested included Big Fish Casino, Gold Fish Casino Slots, GSN Casino, Heart of Vegas, Hit it Rich Casino Slots, Jackpot Party Casino, Slot Machines House of Fun, Slots Pharaohs Way, Texas Poker, Wonderful Wizard of Oz and Zynga Poker.

Free mobile applications, including gambling ones, typically bundle advertising libraries that siphon off device and user identifying information. Past research has shown that many of these libraries don't use HTTPS, therefore exposing potentially sensitive information to man-in-the-middle attacks.

To reduce the risk of unauthorized mobile applications leaking sensitive corporate data, companies are advised to implement application blacklisting policies like those enforced by mobile device management (MDM) or enterprise mobility management (EMM) products.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments