Employees gamble with corporate security installing ‘risky’ casino apps
Wed 2 Sep 2015
Employees are putting the security of corporate data at risk by installing gambling apps containing adware and critical vulnerabilities, according to security researcher Veracode.
Monitoring the threats presented in business environments by personal mobile phones, Veracode found that as many as 35 dubious gambling apps were widely present in hundreds of thousands of cases, based on analysis of mobile scans across its cloud platform.
Vulnerabilities identified included weak encryption, which enabled hackers to access personal and corporate information such as contact lists, emails, call logs, and location information. Some attacks even recorded users’ phone conversations.
Gambling applications are a huge growth area. Juniper Research predicts that by 2018 over $60bn will be placed in bets by casino app users, which represents a fivefold increase on the current mobile gaming market.
In its report, Veracode details a selection of popular poker, slots, bingo and blackjack apps which contain vulnerabilities, or are pre-installed with malware. It lists ten gambling apps, including Texas Poker, Jackpot Party Casino and Gold Fish Casino slots, which are all able to read, write and erase smartphone files. It claims that these apps are also capable of accessing network functions and creating connections to remote servers.
The security experts also referred to a popular slots app which ran over the unencrypted HTTP protocol, revealing sensitive data such as gender, date of birth and login times.
“Like it or not, corporate users are installing risky apps on their mobile devices, thereby increasing the attack surface and putting corporate data at risk as well as compromising the security of high-profile employees such as executives,” explained Veracode mobile security VP Theodora Titonis.
She added: “Manual approaches for addressing unsafe mobile apps, such as manual pen testing and manually-curated blacklists, are difficult to scale because of the sheer size, complexity and constantly-changing nature of the problem. As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps arbitrarily.”