Mobile insecurity is increasing exponentially: In the first half of 2017, there were more flaws registered for Android and iOS than all of 2016, according to Zimperium analysis. But poor user practices are also placing mobile devices at risk.
The report is based on high-level statistics aggregated from Zimperium customers around the world. Each enterprise customer operates its own mobile threat defense environment and independently manages compliance and remediation policies based on corporate procedures and preferences. Every environment contains detailed forensics on each threat and attack, enabling security teams to perform detailed analysis on which device was attacked, where it was attacked (if configured) and what processes were running on the device at the time of the attack.
In aggregate, Zimperium customers detected hundreds of thousands of threats from April 1 through June 30, 2017, at the device, network or app levels.
Overall, 94% of Android devices were not running the latest software version available, and about a quarter (23%) of iOS devices were not running the latest software version available—a basic security issue.
Also, one in 50 apps downloaded on enterprise devices has serious security or privacy abuse issues—indicating the need for more user education. Users also installed unauthorized VPN apps to circumvent corporate compliance policies.
The analysis found over 19% of apps had the capability of retrieving private information such as passwords and the device’s Unique Device Identifier (UDID). Retrieving the UDID from devices has been prohibited by Apple since 2011, the report noted. Approximately 3% of the apps were using weak encryption or hashing algorithms—such as MD2—and are not considered secure for handling private data, payment data or in-app purchases.
Additionally, the analysis revealed that more than 5% of all devices detected a reconnaissance scan from a network device or an attacker, and 80% of those scanned devices went on to detect a man-in-the-middle (MITM) attack.
“Many of these devices experienced multiple scans over the quarter,” the company said in its report. “Attackers scan networks to find victims and reroute traffic via an MITM attack in order to read and capture communications to and from the targeted device. zIPS detected an MITM attack on 80% of the devices that experienced a scan and simultaneously reported it to the customer’s security team. This is the most severe type of network attack since it is usually invisible to a user. Unless a user has a mobile threat defense app that can detect the attack on his/her device in real-time (e.g., zIPS), their wireless connection can be rerouted to a proxy and their data may be compromised.”
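The passage above describes traffic being rerouted through an attacker's proxy on the local network. One common way that rerouting is achieved on Wi-Fi is by poisoning the victim's ARP cache, and one of the simplest host-side indicators is an ARP table in which the gateway's IP address is answered by more than one hardware address, or one hardware address claims several IP addresses. The following is an added example, not code from the article or from Zimperium's zIPS product: it parses a constructed neighbour-table dump (the addresses are made up) and reports those two indicators. The function names and the table format are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of an "ip  mac" neighbour-table dump.
# All addresses are invented for this example; the last two lines model a
# second host answering for the gateway address 192.168.1.1.
SAMPLE_ARP_TABLE = """\
192.168.1.1    aa:bb:cc:00:00:01
192.168.1.10   aa:bb:cc:00:00:10
192.168.1.20   aa:bb:cc:00:00:20
192.168.1.1    de:ad:be:ef:00:99
192.168.1.30   de:ad:be:ef:00:99
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s*$",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return a list of (ip, mac) pairs, MACs lowercased; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def arp_spoof_indicators(entries, gateway_ip):
    """Return a list of (indicator, subject, details) tuples.

    "gateway_mac_conflict": the gateway IP maps to more than one MAC. This is
    the high-confidence signal, since a real gateway answers from one radio.
    "mac_claims_multiple_ips": one MAC answers for several IPs. This is a
    weaker signal (routers and VRRP/HA setups legitimately do this), so treat
    it as corroboration rather than proof.
    """
    macs_for_ip = defaultdict(set)
    ips_for_mac = defaultdict(set)
    for ip, mac in entries:
        macs_for_ip[ip].add(mac)
        ips_for_mac[mac].add(ip)

    findings = []
    if len(macs_for_ip[gateway_ip]) > 1:
        findings.append(("gateway_mac_conflict", gateway_ip, sorted(macs_for_ip[gateway_ip])))
    for mac, ips in ips_for_mac.items():
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    return findings


def check_sample():
    """Run the check over the constructed table with 192.168.1.1 as the gateway."""
    return arp_spoof_indicators(parse_arp_table(SAMPLE_ARP_TABLE), "192.168.1.1")


if __name__ == "__main__":
    for indicator, subject, details in check_sample():
        print(f"{indicator}: {subject} -> {details}")
```

On a real host the table text would come from the OS (`ip neigh` or `arp -a`), and a stronger version pins the gateway's expected MAC learned on a trusted network and alerts when it changes. The check is a signal, not a verdict: it cannot see attacks that do not touch the ARP cache, which is why the report stresses on-device detection that watches the traffic itself.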
Zimperium also found that rogue access points, which are wireless access points that have been installed on a secure network without explicit authorization from a local network administrator, are another common type of network attack that reroutes traffic. Rogue access points can be placed anywhere and follow trusted naming conventions to capture traffic from potential targets.
Nearly 1% of devices detected a rogue access point after a device connected to it. For example, one customer found a rogue access point placed in a legitimate public transportation vehicle in order to capture mobile user behavior.
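The two paragraphs above describe rogue access points that borrow a trusted network name so that devices auto-join them. From the defender's side, the usual check is to compare what a device sees in a Wi-Fi scan against an inventory of the organisation's own radios: a trusted SSID announced by an unknown BSSID, with a weaker security type, or under a look-alike name (trailing space, different case) is worth flagging. The following is an added example and not code from the article or from Zimperium; the inventory, the scan results and the `AccessPoint` structure are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    """One entry from a Wi-Fi scan (constructed structure, not a vendor API)."""
    ssid: str
    bssid: str      # radio MAC address of the access point
    security: str   # e.g. "WPA2-Enterprise", "WPA2-PSK", "OPEN"
    channel: int


# Constructed inventory of the organisation's own access points, keyed by SSID.
KNOWN_APS = {
    "CorpWiFi": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan results; every address here is invented.
SCAN = [
    AccessPoint("CorpWiFi", "00:11:22:33:44:01", "WPA2-Enterprise", 36),  # genuine corporate AP
    AccessPoint("CorpWiFi", "66:77:88:99:aa:bb", "WPA2-Enterprise", 6),   # trusted name, unknown radio
    AccessPoint("CorpWiFi", "66:77:88:99:aa:cc", "OPEN", 1),              # trusted name, no encryption
    AccessPoint("CoffeeShop", "12:34:56:78:9a:bc", "OPEN", 11),           # unrelated network, ignored
    AccessPoint("CorpWiFi ", "66:77:88:99:aa:dd", "WPA2-PSK", 6),         # look-alike name (trailing space)
]


def normalise_ssid(ssid):
    """Fold case and surrounding whitespace so look-alike names match the trusted one."""
    return ssid.strip().casefold()


def find_rogue_aps(scan, known):
    """Return [(bssid, [reasons...])] for scan entries impersonating a trusted SSID.

    Networks whose name does not resemble any trusted SSID are not the
    organisation's concern here and are skipped.
    """
    known_norm = {normalise_ssid(name): (name, profile) for name, profile in known.items()}
    findings = []
    for ap in scan:
        key = normalise_ssid(ap.ssid)
        if key not in known_norm:
            continue
        trusted_name, profile = known_norm[key]
        bssid = ap.bssid.lower()
        reasons = []
        if ap.ssid != trusted_name:
            reasons.append("ssid_lookalike")
        if bssid not in profile["bssids"]:
            reasons.append("unknown_bssid")
        if ap.security != profile["security"]:
            reasons.append("security_mismatch")
        if reasons:
            findings.append((bssid, reasons))
    return findings


def check_sample():
    """Run the inventory comparison over the constructed scan."""
    return find_rogue_aps(SCAN, KNOWN_APS)


if __name__ == "__main__":
    for bssid, reasons in check_sample():
        print(f"{bssid}: {', '.join(reasons)}")
```

The BSSID check is only as good as the inventory, and a rogue AP can copy a genuine BSSID as well as the SSID, so the security-type mismatch and the server-certificate validation that WPA2-Enterprise clients should already enforce matter as much as the address comparison. A mobile threat defense agent adds the piece a scan cannot: it observes what happens to traffic after the device has joined.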