NCSC calls for tighter security in the tech sector

The UK’s National Cyber Security Centre (NCSC) has issued a warning on the number of mobile apps containing malicious malware.

Data shows that users are increasingly more at risk of falling victims to hackers that exploit software weaknesses for financial gain, stealing money and personal information from unaware individuals.

To combat this, the government is launching calls for the tech industry to increase efforts in enhancing security and strengthening privacy requirements for firms that are running app stores and developers who are creating apps. These include companies such as Apple, Google, Amazon, Microsoft and Samsung.

The proposal for better action against bad actors includes the introduction of a code that app stores and app makers are required to commit to, launching a more defined and urgent vulnerability report process for each app found to have flaws so that it can be fixed quicker.

Cyber Security Minister, Julia Lopez, said: “Apps on our smartphones and tablets have improved our lives immensely – making it easier to bank and shop online and stay connected with friends.

“But no app should put our money and data at risk. That’s why the Government is taking action to ensure app stores and developers raise their security standards and better protect UK consumers in the digital age.”

The report’s findings indicate that no app is safe, with all types of app stores showing similar rates of being targeted by cyber-attacks. The most widespread problem is malware, according to the NCSC, where corrupted software is used for theft by hijacking the device.

One such case happened just last year when Android users downloaded third-party apps that have been contaminated with either the ‘Triada’ or the ‘Escobar’ virus, resulting in cyber criminals gaining remote access to the devices and committing theft by signing the unaware user to premium subscription services.

In its report, the NCSC assures that these practices will have a reduced chance of affecting end consumers if the government’s proposed industry-wide code is accepted, which would be a world first.

Ian Levy, NCSC Technical Director, added: “Our devices and the apps that make them useful are increasingly essential to people and businesses and app stores have a responsibility to protect users and maintain their trust.

“Our threat report shows there is more for app stores to do, with cyber criminals currently using weaknesses in app stores on all types of connected devices to cause harm. I support the proposed Code of Practice, which demonstrates the UK’s continued intent to fix systemic cybersecurity issues.”