App-Store Security - the Five Lines of Defence - New Report by EU Cybersecurity Agency ENISA
Poster: SySAdmin
Posted on September 12, 2011 at 6:07:01 PM
App-Store Security - the Five Lines of Defence - New Report by EU Cybersecurity Agency ENISA
BRUSSELS and HERAKLION, Greece, September 13, 2011/PRNewswire/ --
ENISA Today Publishes a New Report on App-Store Security Where It
Advocates For A Baseline Set Of 'Five Lines Of Defence
[http://www.enisa.europa.eu/appstoresecurity ] 'Against Malware.
The booming smartphone industry has a special way of delivering software
to end-users: app-stores. Popular app-stores have hundreds of thousands of
apps for anything from online banking to mosquito repellent, and the most
popular stores (e.g. Apple App-store, Google Android market) claim billions
of app downloads.
But app-stores have not escaped the attention of cyber attackers. Over
the course of 2011 numerous malicious apps were found
[http://www.enisa.europa.eu/act/application-security/smartphone-security-1/app-kill-switch-the-last-line-of-defence ]
, targeting a variety of smartphone
models. Dr Marnix Dekker, and Dr Giles Hogben, authors of the report say:
"Using malicious apps, attackers can easily tap into the vast amount of
private data processed on smartphones such as confidential business emails,
location data, phone calls, SMS messages and so on. Consumers are hardly
aware of this."
"Five lines of defence" to secure app-stores
Starting from a threat model for app-stores, the paper identifies what
it calls "the five lines of defence" that must be in place to secure app
stores from malware: app review, reputation, kill-switches, device security
and jails. "This report provides a very practical and technical analysis of
malware threats for app-stores in under 20 pages. The Agency has made an
excellent choice of security techniques, and the recommendations are
ready-to-use," says Raoul Chiesa, an Italian ethical hacker and
cybersecurity expert.
Without overlooking the differences between the various smartphone
models and app-stores, ENISA recommends an industry-wide approach to
addressing insecure and malicious apps. "The number of malware attacks
direct at smartphones still pales in comparison to PCs. This paper is a
blueprint for how to maintain this head-start and address security across
app-stores." says Professor Udo Helmbrecht, Executive Director of ENISA.
For full report [http://www.enisa.europa.eu/appstoresecurity ]:
http://www.enisa.europa.eu/act/appstoresecurity/
Background: Malware in app-stores is not the only risk for smartphone
users; ENISA recently published a full overview of smartphone risks
[http://www.enisa.europa.eu/smartphonesecurity ].
Source: ENISA - European Network and Information Security Agency
For interviews: Ulf Bergstrom, Spokesman, ENISA, press@enisa.europa.eu, Mobile: +30-6948-460-143 or Dr. Marnix Dekker, Expert, ENISA marnix.dekker@enisa.europa.eu
BRUSSELS and HERAKLION, Greece, September 13, 2011/PRNewswire/ --
ENISA Today Publishes a New Report on App-Store Security Where It
Advocates For A Baseline Set Of 'Five Lines Of Defence
[http://www.enisa.europa.eu/appstoresecurity ] 'Against Malware.
The booming smartphone industry has a special way of delivering software
to end-users: app-stores. Popular app-stores have hundreds of thousands of
apps for anything from online banking to mosquito repellent, and the most
popular stores (e.g. Apple App-store, Google Android market) claim billions
of app downloads.
But app-stores have not escaped the attention of cyber attackers. Over
the course of 2011 numerous malicious apps were found
[http://www.enisa.europa.eu/act/application-security/smartphone-security-1/app-kill-switch-the-last-line-of-defence ]
, targeting a variety of smartphone
models. Dr Marnix Dekker, and Dr Giles Hogben, authors of the report say:
"Using malicious apps, attackers can easily tap into the vast amount of
private data processed on smartphones such as confidential business emails,
location data, phone calls, SMS messages and so on. Consumers are hardly
aware of this."
"Five lines of defence" to secure app-stores
Starting from a threat model for app-stores, the paper identifies what
it calls "the five lines of defence" that must be in place to secure app
stores from malware: app review, reputation, kill-switches, device security
and jails. "This report provides a very practical and technical analysis of
malware threats for app-stores in under 20 pages. The Agency has made an
excellent choice of security techniques, and the recommendations are
ready-to-use," says Raoul Chiesa, an Italian ethical hacker and
cybersecurity expert.
Without overlooking the differences between the various smartphone
models and app-stores, ENISA recommends an industry-wide approach to
addressing insecure and malicious apps. "The number of malware attacks
direct at smartphones still pales in comparison to PCs. This paper is a
blueprint for how to maintain this head-start and address security across
app-stores." says Professor Udo Helmbrecht, Executive Director of ENISA.
For full report [http://www.enisa.europa.eu/appstoresecurity ]:
http://www.enisa.europa.eu/act/appstoresecurity/
Background: Malware in app-stores is not the only risk for smartphone
users; ENISA recently published a full overview of smartphone risks
[http://www.enisa.europa.eu/smartphonesecurity ].
Source: ENISA - European Network and Information Security Agency
For interviews: Ulf Bergstrom, Spokesman, ENISA, press@enisa.europa.eu, Mobile: +30-6948-460-143 or Dr. Marnix Dekker, Expert, ENISA marnix.dekker@enisa.europa.eu