Android devices widely outsell their Apple counterparts globally (although narrowly in North America), but that doesn’t mean that hackers don’t have their eyes on iOS devices. In fact, with IBM and Cisco Systems in partnership with Apple to deliver enterprise-related services to satisfy corporate users iOS devices are expected to increasingly be targets for malware.
One piece of proof of this is a report issued today by mobile security provider Skycure (which in the process of being bought by Symantec) that predicts 2017 will be a record year for vulnerabilities. The number of disclosed vulnerabilities in the first quarter of this year was greater than all of 2016, it points out.
That’s one sign of how intensely people are trying to break into the platform.
The report, written just after the 10th anniversary of the release of the first iPhone, is a reminder that no platform is immune from being hacked. The advantage of iOS is that because Apple controls the device hardware, operating system and update distribution channel it does a very good job of protecting the platform. By Skycure’s estimated 91 per cent of active devices were on the latest major version (iOS 10), and 22 per cent were already on the latest minor release (iOS 10.3) by the end of Q1.
By comparison only 20.75 per cent of active Android devices are running the latest version of its OS (version 7), although that rises when Android 6 is added to a total of 77 per cent.
On the other hand, the report notes that some vulnerabilities have taken months if not longer to be plugged, leaving users open to exposure.
Still, the most common way iOS devices are infected is through malware. And the sophistication of exploits continues to increase, says the report.
Skycure data from Q1 2017 shows that 0.65% of enterprise iOS devices today have high severity malicious apps installed. “This represents a significant
increase over the last couple of quarters, increasing threefold compared to Q3 2016.”
The report also found from customer data that iOS device users are perhaps more cautious than Android users in connecting to what it defines as risky networks — or are more willing to use safer cellular networks: Roughly 36 per cent of iOS users had connected to such networks, compared to 45 per cent of Android users. About 39 percent of iPhones experienced risky network incidents, averaging over seven incidents per affected device, while only 25 percent of iPads were exposed, averaging only five incidents each.
“Since user behavior is such a huge factor in mobile security, user education is one of the most important things an organization can do to minimize the threat from mobile devices,” says the report. Users should know to only install apps from the primary app stores, don’t click on untrusted links or approve device permissions and accesses without good reason.
All staff should be reminded of the following to keep their devices safe:
- Don’t click, install or connect to anything that you are not confident is safe.
- Only install apps from reputable app stores.
- Don’t perform sensitive work on your device while connected to a network you don’t trust.
- Always update to the latest security patch as soon as it is available for your device.