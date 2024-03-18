Lookout, Inc., the data-centric cloud security company, issued the following statement regarding the European Union's Digital Markets Act (DMA), gatekeepers' obligations and what organizations can do to remain secure.

"While the European Union's Digital Markets Act will help ensure fair competition and provide mobile users with more freedom of choice when it comes to accessing apps, it also presents a great deal of risk for those users and the companies for which they work. Striking a balance between user freedom and maintaining a secure ecosystem is crucial, and any potential changes should prioritize protecting user privacy and data security.

The introduction of sideloading which is the process of installing an app from a source other than the device OS's official app store on iOS provides threat actors with additional avenues to exploit devices and the sensitive data they have access to. Your mobile device is your identity these days by compromising it an attacker can take over all your accounts, even those protected by multi-factor authentication. Users may not understand that as they use their personal devices for work, sideloading apps can be risky since these apps might not be vetted with as much scrutiny, making them more likely to be laced with malware. The malicious apps could be used to track user activity, harvest personal data or even enable remote control of the device.

Attackers can count on people making mistakes when using their mobile devices, and because nobody's perfect, a small human error can lead to a big enterprise data breach opportunity. On iOS, we're already seeing an increasing number of bad actors leverage social engineering, targeting a user's mobile phone to steal credentials that provide legitimate access to critical corporate infrastructure and sensitive data as part of the modern cyber kill chain (examples include MGM, Caesars and Twilio). These latest changes will open up an additional avenue of app-based malware on iOS.

Defense against app-based iOS malware is something security teams are unprepared for. It's like a muscle that hasn't been flexed because it hasn't been a prominent issue. Now, all of a sudden, it's emerging as a new challenge that organizations will need to address. Security teams are already overwhelmed with an influx of attacks via vulnerabilities and stolen credentials, which makes it all the more important for organizations to plan for scenarios that involve compromised iOS devices, whether it be from app-based malware, social engineering, phishing, device compromise or vulnerable apps and operating systems."

David Richardson, Vice President, Endpoint and Threat Intelligence, Lookout

