Symantec Endpoint Protection Mobile helps to celebrate the 10-year anniversary of the iPhone with this latest Mobile Threat Intelligence Report. As iOS devices continue to become more and more popular in the enterprise environment, especially in the executive halls, hackers follow suit by creating iOS malware at a higher rate than they do for Android. In fact, the percentage of enterprise iOS devices with malware tripled over the last two quarters while the rate of Android malware stayed relatively flat over the same period.
The introduction of iOS had such a profound impact on how we think about security in the enterprise that for a while iOS was considered the “safe” platform. Perhaps that attitude delayed the recognition that there are real and effective threats against the platform that must be addressed. In this report, you will find that there is a rich history of successful exploits against Apple’s mobile platform, and an increasing rate of exploits. Apple did, in fact, create a secure architecture in iOS, but as with any software, there will always be flaws, and the number of those flaws that are discovered has more to do with the intense effort of hackers than it does any deficiencies in the design. The number of iOS vulnerabilities patched in the first quarter of 2017 is already greater than the total number of iOS vulnerabilities discovered in all of 2016. Fortunately, Apple is still very fast at patching the OS and distributing updates.
When it comes to malicious apps, you would be hard pressed to find them in Apple’s App Store. It’s not that it can’t happen, and it certainly has (remember XcodeGhost), but it is a rarity compared to the relative wild west of the Google Play store (I do acknowledge that Google has made serious attempts recently to improve that recently). So hackers regularly find other creative ways to get malware installed. Since Apple provides for sideloading apps as part of its support for enterprises and their proprietary business apps, hackers can use creative social engineering strategies to trick users into installing these apps. In case anyone is still under the delusion that iOS is the safe platform, here is a graphic that illustrates 7 different ways hackers compromise and infiltrate iOS devices.
Another threat vector explored in this report is risky and malicious networks. We were curious if platform and/or location played a role in how often devices were exposed to network threats by looking at both Android and iOS exposures in North America compared to Europe, the largest markets for iOS devices. As it turns out, the network incident rate is higher in Europe for both platforms, and across all geographies, iOS users connect to fewer risky networks than their Android counterparts. This is more likely to be the result of individual behavior and prevalence of malicious networks than due to any differences in the platforms themselves.
As scary as all of this may be, and potentially disturbing for those who thought they didn’t need to worry about securing their iPhones, there are absolutely actions that you can take to keep yourself and your device safe from would-be attackers.
- Don’t click, install or connect to anything that you are not confident is safe.
- Only install apps from reputable app stores.
- Don’t perform sensitive work on your device while connected to a network you don’t trust.
- Always update to the latest security patch as soon as it is available for your device.
- Protect your device with a free mobile security app like SEP Mobile
Check out the full report to learn about the history of hacking the iOS platform, and trends leading up to the specific data collected by SEP Mobile during Q1 of 2017.