Sydney Outsourced IT Services Blog
Workers Using Gambling Apps On Their Phones Put Business Data at Major Risk!
It turns out that employees working for large global companies are compromising IT security and putting sensitive business data stored on their devices at risk – by doing something as simple as adding a gambling app on their phone.
A security firm called Veracode performed an analysis that scanned hundreds of thousands of mobile apps that had been installed in corporate mobile environments. Reports indicate that some companies had as many as 35 mobile gaming apps in their network environment, each posing a potential security risk.
When the company began testing some of the most popular gaming apps found in these corporate environments, it discovered critical vulnerabilities that pose a huge threat. These vulnerabilities could potentially allow hackers to gain access to sensitive information stored on the phone, including emails, contacts, location data, call history, and even recorded phone conversations.
Examples of IT Security Threats
Different apps may present different security risks, as outlined below:
- one casino app contained code that could identify whether the device has been rooted or jailbroken, a state that could give the app unrestricted access to the device
- the same app has recording capabilities to record both audio and video
- the app could access user identity information
- the app was particularly vulnerable to man-in-the-middle attacks, allowing hackers to alter communications
- a different slot machine app failed to use encryption to communicate with back-end servers, providing the opportunity for hackers to intercept traffic and extract user data
- multiple other gambling apps had access to read, write, and even delete files
- multiple other gaming apps also open network communications with arbitrary servers, which is risky in a tightly controlled environment
Veracode did not provide specifics as to which gambling apps contained which particular vulnerabilities, but it is known that some of the apps tested include:
- Gold Fish Casino Slots
- GSN Casino
- Big Fish Casino
- Wonderful Wizard of Oz
- Zynga Poker
- Hit it Rich Casino and Slots
- Heart of Vegas
- Jackpot Party Casino
- Texas Poker
- Slots Pharaoh’s Way
The problem with free mobile apps, including gambling ones, is that they typically bundle advertising libraries that syphon off user identity information and device details. Research indicates that these libraries don’t use HTTPS, which potentially exposes sensitive data to man-in-the-middle attacks.
Revising and implementing application blacklisting policies may be necessary to minimize the risk and protect against unauthorized mobile apps leaking sensitive corporate data.