To developers, advertising frameworks may just be another way to make money from their free application, but in at least one case–dubbed “Vulna” by security firm FireEye–the library has functionality that allows attackers to steal private data from a targeted phone and opens up vulnerabilities that could be exploited by hackers.

The library, which FireEye has declined to name until its developer fixes the problems, underscores the dangers that mobile users and their companies will increasingly face. As smartphones and tablets become an essential part of information workers’ toolsets, cybercriminals and digital spies have targeted the mobile devices to gain access to business data. Careful users who download mobile apps from well-vetted app stores are unlikely to encounter malware, but times are quickly changing and targeted attackers will focus more heavily on mobile devices, says Manish Gupta, senior vice president of products for FireEye.

SOURCE: darkreading.com

Information Security Buzz