On April 12th, Approach was interviewed by Belgian TV channel RTL-TVI for a special «Tout s’explique», dedicated to cyber-security.
During this interview we had the opportunity to demonstrate, in a popularized way, how easy it is for a third-party application to access sensitive data located on a smartphone.
Indeed, careless users, often children and teenagers, install apps on their smartphone without reading a single line of the permissions requested by the application. Some apps abuse from this human behavior and request much more permission than it really needs for its legit purpose. A simple look at the permissions requested by some flashlight applications can help to understand the problematic:
The problem is amplified by the fact that smartphones are increasingly used as small computers, so we are brought to store personal data on these devices.
At Approach, we also use rogue mobile apps during phishing campaigns to demonstrate how an attacker can steal sensitive data or penetrate a corporate network by compromising mobile devices. Learn more about our penetration test services