Menu
Employees put business data at risk by installing gambling apps on their phones

Employees put business data at risk by installing gambling apps on their phones

Some companies have as many as 35 such apps in their environments, a study found

If you work for a large, global company, chances are some of your peers have installed gambling apps on the mobile devices they use for work, and that's bad news for IT security.

A study has found that the average company has more than one such gambling application in some employee devices, putting corporate data stored on those devices at risk.

The analysis was performed by security firm Veracode, which scanned hundreds of thousands of mobile apps installed in corporate mobile environments. The study found that some companies had as many as 35 mobile gambling apps on their network environment.

The company tested some of the most popular gambling apps it detected in corporate environments for potential security risks and found critical vulnerabilities that could enable hackers to gain access to a phone's contacts, emails, call history and location data, as well as to record conversations.

For example, one casino app contained code for checking if the device was rooted or jailbroken, which could give the app unfettered access to the device. The app already had the capability to record audio and video and access user identity information, but on top of that it was also vulnerable to man-in-the-middle attacks that could allow hackers to sniff or alter its communications, the Veracode researchers said.

Another slots app didn't use encryption when communicating with its back-end servers, allowing potential attackers to intercept its traffic and extract user demographic data like gender and birthday.

Ironically, the app downloaded 24 megabytes of encrypted data from servers outside the U.S., without the user's permission, the researchers said.

Ten other gambling apps had access to read, write and delete local files as well as to open network communications with arbitrary servers, a possibly risky activity in a tightly-controlled corporate network environment.

Veracode did not say which gambling app had specific vulnerabilities, but the apps it tested included Big Fish Casino, Gold Fish Casino Slots, GSN Casino, Heart of Vegas, Hit it Rich Casino Slots, Jackpot Party Casino, Slot Machines House of Fun, Slots Pharaohs Way, Texas Poker, Wonderful Wizard of Oz and Zynga Poker.

Free mobile applications, including gambling ones, typically bundle advertising libraries that siphon off device and user identifying information. Past research has shown that many of these libraries don't use HTTPS, therefore exposing potentially sensitive information to man-in-the-middle attacks.

To reduce the risk of unauthorized mobile applications leaking sensitive corporate data, companies are advised to implement application blacklisting policies like those enforced by mobile device management (MDM) or enterprise mobility management (EMM) products.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintained Showcase 2018 momentum in Wellington, hosting more than 40 vendors at TSB Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro maintains Showcase 2018 momentum in Wellington
Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments