StrandHogg 2.0 Android Vulnerability Is Hard To Detect: Leaving 39.2 Percent Of Android Devices Vulnerable Forever – Expert Insight

Experts Comments

May 27, 2020
Sam Bakken
Senior Product Marketing Manager
OneSpan
Mobile apps practically have a target painted on their back. Promon’s recent malware vulnerability discovery dubbed “StrandHogg 2.0” is the latest example of what dangerous malware could do if exploited in the wild – possibly exposing Android users’ mobile banking credentials and access one-time-passwords sent via SMS. While the potential for damage is pretty clear, there are steps app developers can take to protect apps and users against threats such as these. Android users should .....Read More
Mobile apps practically have a target painted on their back. Promon’s recent malware vulnerability discovery dubbed “StrandHogg 2.0” is the latest example of what dangerous malware could do if exploited in the wild – possibly exposing Android users’ mobile banking credentials and access one-time-passwords sent via SMS. While the potential for damage is pretty clear, there are steps app developers can take to protect apps and users against threats such as these. Android users should update their device to the latest version of Android. Unfortunately, depending on the device manufacturer and a user’s service provider/carrier that may not be possible. This is why app developers and especially developers of mobile financial services apps need to take note. This latest vulnerability serves as a reminder that there’s no reliable way to know the precise security status of mobile devices on which your mobile app operates. Developers have no real way of knowing whether a user’s device is riddled with vulnerabilities, or compromised with malware or not. This is why advanced security such as app shielding and runtime protection that travels with the app to defend it even in hostile conditions is crucial to a complete, layered approach to mobile app security.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.