Employees love to gamble with their employer's internet security by installing potentially vulnerable gambling apps on their company issued mobile devices, according to a report released Wednesday by Veracode.
Theodora Titonis, vice president of mobile at Veracode told SCMagazine.com in an email Wednesday that there have not been any verified corporate-level breaches due to the gambling software, but the survey found the average enterprise mobile device has multiple gambling apps installed.
“Many of these apps contain adware as well as critical vulnerabilities, such as weak encryption, enabling cyberattackers to gain access to contacts, emails, call history, and phone locations as well as to record phone conversations,” the Veracode report stated.
Veracode cited a Gartner report that noted in 2015 that 75 percent of mobile gambling apps fail basic security tests. This is in part due to poor programming on the part of the app's developers, but also because hackers are on the lookout to exploit insecure.
Some examples cited were a casino app that checks to see if the mobile device is jailbroken and if so it can then go in and make changes and access data; a slots app connects with its back-end system via unsecured HTTP; and Gold Fish Casino Slots, Jackpot Party Casino and Texas Poker can read, write and delete local files while directly accessing various network functions.
U.S.-based companies are the most likely to suffer any damage as the majority of the devices with gambling software installed were located here. “We actually didn't track the actual phone location; rather we conducted the research based on our customer base. So while the majority of companies are U.S., we don't know if the phones were located in the U.S. or abroad. The companies were large enterprises, so it's likely there is a mix,” Titonis said.
Only Nevada, Delaware and New Jersey have legalized online casino-style gambling.