The Three Most Frequently Attacked Mobile Devices

  /     /     /  
Publicated : 22/11/2024   Category : security


The Three Most Frequently Attacked Mobile Devices


Android devices, tablets, and jailbroken devices top list of riskiest mobile products in the enterprise setting



As mobile devices continue to become more sophisticated and more integral to employees everyday work lives, these mini computers in our pockets and handbags continue to become bigger and bigger threats to IT security.
The proliferation of the devices is happening so fast, and people are now pushing the limits on what theyre using the devices for that IT is having a hard time keeping up, says Dave Hansen, CEO of Numara Software.
So many devices are big risks because critical information runs freely through them and security procedures are ignored for the sake of expediency -- these are tools built for convenience, after all. Most troubling, it is often the executive suite that champions fewer security controls so they can continue to use these mobile tools without fetters. That leads to an almost willful ignorance from IT, who would rather not butt heads with senior management.
Its bizarre. I was a CIO for a Fortune 500 company, and I remember five years ago when I was the one that put passwords on BlackBerrys and thought they were going to burn effigies of me in the lobby, Hansen says. There was yelling and debating going on at the executive level as to why we would to that .
But ignorance gets us nowhere. In order to mitigate the risks, IT first needs to identify them. The following three devices are some of the biggest security threats to your infrastructure, whether you know it or not.
Android Devices
Devices running on Android OS are increasingly becoming a favorite among hacker for two big reasons: market share and openness.
As the number of Android devices has proliferated the market, it becomes an ideal medium for attackers to look for common vulnerabilities and quickly spread malware.
“Android took the lead in 2011 as the most often attacked mobile computing platform. With more than 45 percent share of the smart phone market, its no surprise Android is the leading attacked platform, says Adam Powers, CTO of Lancope. As weve seen with the Windows desktop OS, attackers follow the masses. Android smart phones offer softer targets compared to Apples iOS and Blackberry OS. Market share combined with an accommodating attack surface have put Android phones in the cross hairs of many attackers.”
That accommodating attack surface is predominately caused by the open attitude about application development and distribution, says James Lyne, director of technology strategy for Sophos.
It’s simple to write an application, malicious or otherwise, and distribute to phones, he says.
Whats more, the open source platform gives attackers the opportunity to scour Android OS source code to look for ways to attack.
The Android OS is more open than others, allowing attackers to more easily understand the device from a source code level, says Tyler Shields, senior researcher for Veracode. Even more risky, from an application level, Android admits to not verifying the security of applications made available in their app store, which puts consumers at risk.
All Tablets, Especially iPads
Tablets combine the power of laptops with the portability of a magazine, making them a favorite of senior executives and power users who tend to use these devices to access the most important company information.
Senior executives are bringing tablets from home. Theyre doing this because theyre into high tech, and they want to be more productive and increase their efficiencies and become the most cutting edge person a work. For obvious reasons, thats wonderful but its creating huge headaches for CISOs and CSOs, says Tom Kellermann, CTO of AirPatrol. Not only can someone hack the tablet and the back end network that it connects to through man in the middle attacks, but also you can then hack the tablet and then turn the microphone and the camera on in settings they shouldnt be on, like board rooms.
With the iPad taking up the biggest market and mindshare in this category, its no surprise that these devices are a big risk. This is especially true given how iPads are typically used. Theyre primarily designed to process documents and data and store them offsite, syncing up with insecure cloud storage applications that just open up a whole other can of worms for IT.
iPads pose the worst risk as far as data leakage in concerned since they are mainly used for consumption of enterprise information in various form of documents, says Guy Levy-Yurista, vice president of products and development for AirPatrol. This sensitive info is not properly encrypted, and is rarely confined to the device; it can be easily forwarded to a private account and out of the control of the enterprise.
Jailbroken Devices
When devices are jailbroken, IT tends to lose any ability to control how they interact with network assets or how theyre configured.
This applies to iOS, Android, BlackBerry (and so on). A mobile device that has been jailbroken is one thats had its safety net removed. The makers of these devices are doing the best job of making truly safe systems, and jail breaking them makes them vulnerable, says Jon Callas, CTO for Entrust. The only known iOS malware, for example, runs on jailbroken devices. It doesnt matter if it is a jailbroken iPhone or a Chromebook in developer mode, when you take the OS blade guards off, youre at risk.
In particular, jailbroken iPhones can be a big problem because they lose the walled garden of closed configurations that Apples built around them and because theyre at the mercy of users who might use a tutorial to jailbreak but have little fundamental knowledge of how the technology really works.
Most jailbroken iPhones haven’t modified the password used to jailbreak the device which allows the creation of rapid moving worms using the SSH service, Levy-Yurista says.
These three device classes are just a fraction of the risks posed by mobility. There are plenty of other devices and applications that put the enterprise at risk, too. Fundamentally, the real risk is treating mobile device security as a non-issue.
This is a bit like asking what the three most dangerous things in the kitchen are. The knifes are obvious, as is the stove. I can get dramatic and mention the food processor. I could be esoteric and mention the mandolin or any other slicer. Or I could be puckish and tell you how the ice maker is dangerous, Callas says. The reality is that the kitchen is a dangerous place to the careless or actively stupid.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
The Three Most Frequently Attacked Mobile Devices