When app creators abandon domains for bigger, better deals, what happens to all the app-specific data?

Credit: Manolo Franco

Whether it’s an unfortunately short shelf life or a discontinued need, mobile apps are often abandoned by their creators who sometimes move on to a bigger, better deal. Should the domain be abandoned by its creator, a lot of domain-specific data is left out in the wild.

The apps can still contact custom domain names for arbitrary tasks like configuration changes, application updates or publishing information. The traffic from a mobile device that is still trying to connect to an old and expired domain exposes lots of personal information — contact data, text messages, pictures, GPS data and call logs all sitting at risk of an attack.

Though it’s not necessarily a new issue in information security, it is a growing trend that should raise some concern, particularly with mobile apps. Because of the way everyone uses cloud services, this old habit can create new risks that not many people are paying attention to, said João Gouveia, CTO of Anubis Networks.

“When you have devices, software or anything that depends on external domain names and any of those domains are dropped, anyone can grab that domain name,” Gouveia said.

If an adversary is able to access that domain, they have control over that infrastructure. And Anubis Labs has found this to be much more common of late.

Of particular concern to Gouveia is that a user can download apps on either a personal or corporate device, potentially putting enterprise security at risk. “Users download apps, but after a period of time, the developer decides to no longer maintain the domain,” said Gouveia.
They let the infrastructure that maintains that app collapse, and attackers take advantage of the absence of that infrastructure.

Given the number of devices that communicate with external domains about everything from door alarms to room temperatures, security practitioners should certainly pay closer attention to mobile apps.

“The apps themselves are still in operation, so the dropped domain may not have a functional impact on the application. But if the dropped domain is compromised, it can still leak out that data,” Gouveia said.

Protecting against abandoned domain names

From a security perspective, though, is this a growing trend or another hyped up potential threat? Is orphaned traffic a risk to your business, and how can you protect against it?

“Protecting is really hard,” Gouveia said. “The biggest challenge is the ability to detect it — to identify situations where internal software is trying to reach out to domain names that don’t exist and then block access to those domains.”

Even in the cases where you can detect it, “system administrators won’t have control over applications,” Gouveia said. Appliances rely on the domain for updates, but they don’t validate the origin of the updates. If they can’t do much to help validate the update’s origin, what is the solution?

“System administrators have to be cognizant of monitoring for malicious traffic, but they are not paying attention to this attack surface,” Gouveia said.

Often these issues are a result of misconfiguration or someone forgetting to renew a domain name. A good place to start, said Gouveia, is by making sure you have a better understanding of the devices on the network and how those are supported by the developer of the software.

Then use technology to defend against human error. Only give employees laptops that have a predefined environment, and don’t give administrative privileges to users, said Gouveia. Don’t allow users to arbitrarily download applications.
If all else fails, you can try mobile management solutions.
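
The detection step described above, identifying internal software that keeps querying domain names that don't exist, can be run over DNS resolver logs. The following is an added example, not code from the article or from Anubis Networks; the log format, the `find_orphaned` helper, the failure threshold and the sample lines are all assumptions constructed for illustration. It also reports names that failed repeatedly and then began resolving again, which is the moment the domain may have been registered by someone else.

```python
from collections import defaultdict

# Constructed sample resolver log: "<ISO time> <client> <qname> <rcode>" (format is an assumption)
SAMPLE_LOG = """\
2024-05-01T08:00:01 10.0.0.21 cfg.oldapp-example.test NXDOMAIN
2024-05-01T09:00:02 10.0.0.21 cfg.oldapp-example.test NXDOMAIN
2024-05-01T10:00:02 10.0.0.34 update.oldapp-example.test NXDOMAIN
2024-05-01T10:05:00 10.0.0.50 www.exmaple-typo.test NXDOMAIN
2024-05-01T11:00:00 10.0.0.21 api.live-example.test NOERROR
2024-05-02T08:00:01 10.0.0.60 sync.deadtracker-example.test NXDOMAIN
2024-05-02T09:00:01 10.0.0.60 sync.deadtracker-example.test NXDOMAIN
2024-05-02T10:00:01 10.0.0.60 sync.deadtracker-example.test NXDOMAIN
2024-05-03T08:00:01 10.0.0.60 sync.deadtracker-example.test NOERROR
"""

def base_domain(qname):
    # Naive: last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_orphaned(log_text, min_failures=3):
    """Return (orphaned, revived), both keyed by base domain.

    orphaned: >= min_failures NXDOMAIN answers and no success since -> block candidates.
    revived:  crossed the threshold, then resolved -> maps to the first NOERROR time.
    """
    failures = defaultdict(int)
    clients = defaultdict(set)
    revived = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        dom = base_domain(qname)
        if rcode == "NXDOMAIN":
            failures[dom] += 1
            clients[dom].add(client)
        elif rcode == "NOERROR" and failures.get(dom, 0) >= min_failures and dom not in revived:
            revived[dom] = ts
    orphaned = {
        d: sorted(clients[d]) for d, n in failures.items() if n >= min_failures and d not in revived
    }
    return orphaned, revived

if __name__ == "__main__":
    orphaned, revived = find_orphaned(SAMPLE_LOG)
    print("still dead, block and find the owning software:", orphaned)
    print("previously dead, now resolving, investigate:", revived)
```

The single typo lookup stays below the threshold, so one-off user mistakes are not reported alongside software that retries a dead name on a schedule.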