“Gambling Apps” Compromise Corporate Security, Says Veracode Study
Posted on: September 6, 2015, 12:53h.
Last updated on: September 5, 2015, 12:54h.
The gambling apps installed by a company’s employees could be putting its security systems at risk, according to a new report by cloud-based app security firm Veracode.
After scanning thousands of such apps installed on mobile devices used for work, the company found that the “average global enterprise has multiple apps installed on its mobile environment,” with some environments found to contain “as many as 35.”
Veracode tested 11 different “gambling apps,” all of which were, in fact, free-to-play social casino apps, as opposed to real-money online casino apps, although, unhelpfully, the study itself does not highlight the distinction between the two.
However, the risks uncovered certainly highlight the need for regulation of the social casino industry, and a similar study comparing regulated real-money online gambling apps with unregulated ones would certainly be a welcome follow-up research project.
Malicious Software
“Many of these apps contain adware as well as critical vulnerabilities, such as weak encryption, enabling cyberattackers to gain access to contacts, emails, call history, and phone locations as well as to record phone conversations,” warned Veracode.
One “popular casino app” is able to check if a device is rooted or jailbroken, i.e., whether an iPhone, for example, has been altered to circumvent the restrictions imposed by its own operating system.
This, says Veracode, means the app has the ability to disable anti-malware software on the device, as well as view cached information, like passwords and user identity details, and this renders the device vulnerable to hackers.
Veracode also found that a popular slots app uses the inadequate, unencrypted HTTP protocol and has the potential to install malicious software.
Meanwhile, it said, “free apps typically incorporate advertising software development kits (SDKs) that monetize by sending user data such as identity and location to advertising servers located around the world.”
Corporate Data at Risk
No one app is specifically named and shamed in the study; instead, Veracode opted for a guilt-by-association approach: Big Fish Casino, Gold Fish Casino Slots, GSN Casino, Heart of Vegas, Hit it Rich Casino Slots, Jackpot Party Casino, Slot Machines House of Fun, Slots Pharaohs Way, Texas Poker, Wonderful Wizard of Oz and Zynga Poker were all analyzed, the company said.
And while Veracode is not accusing the creators of these specific apps of attempting to destabilize corporate systems, it urges companies to take caution at a time when “cybercriminals and nation-states are … constantly looking to exploit insecure apps in order to steal corporate intellectual property, track high-profile individuals and/or dissidents, and insert aggressive adware for monetary gain.”
“Like it or not, corporate users are installing risky apps on their mobile devices, thereby increasing the attack surface and putting corporate data at risk as well as compromising the security of high-profile employees such as executives,” said Theodora Titonis, VP of mobile security at Veracode.