More than 27 Million Android Devices with Medical Apps Likely to Have High-Risk Malware Installed
Palo Alto, Calif. – April 5, 2016 – Skycure, the leader in mobile threat defense, today announced the results of its second Mobile Threat Intelligence report, based on worldwide mobile data from Skycure and third-party sources. The healthcare-focused report found that the percentage of doctors who use mobile devices to assist their day-to-day practice are exposed to network threats that significantly increase over time. In a single month, one in five (22 percent) of mobile devices will be at risk of a network attack. This figure nearly doubles (to 39 percent) after four months. In addition to network threats, mobile devices continue to be plagued by malware. More than four percent of all Android devices were found to be infected with malicious apps. Medical app users need to be particularly wary, as the report found 27.79 million devices with medical apps installed might also be infected with a high-risk malware. The Skycure mobile threat defense platform conducted 51 million network tests in 2015, and detected the installation of nearly 13,000 malicious apps.
“The mobile phone is the best surveillance device in history,” said Jim Routh, CSO, Aetna. “Each device is a potential attack target for personal data, company data, and, in the healthcare industry, the private medical and health information of patients and customers. It’s imperative that both mobile users and their employers understand the risk and how to stay safe.”
Mobile Healthcare at Risk
According to the US Department of Health and Human Services, more than 260 major healthcare breaches occurred in 2015. Of those breaches, nine percent involved a mobile device other than a laptop. Other research reports that 80 percent of doctors use their mobile devices to assist in their day-to-day practice and 28 percent store patient data on their mobile device, making their devices prime targets for cyber criminals. In looking specifically at the healthcare industry, the Skycure report found:
- Eleven percent of mobile devices running an outdated operating system with high-severity vulnerabilities might have stored patient data on them.
- Fourteen percent of mobile devices containing patient data likely have no passcode to protect them.
- 27.79 million devices with medical apps installed might also be infected with high-risk malware.
“Mobile is a huge attack target for cyber criminals who are after sensitive personal data like patient records,” said Adi Sharabani, CEO of Skycure. “Unlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device owner’s data and identity at risk.”
More than two in every hundred mobile devices in every industry are high risk according to the Skycure Mobile Threat Risk Score–meaning they’ve already been compromised or are currently under attack. Nearly forty-four percent are medium to high risk. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.
Passcodes and OS Upgrades Increase
The report did uncover some bright spots across the mobile landscape. Some users are taking steps to secure their mobile devices. For example, the percentage of devices with passcodes enabled rose slightly to 52 percent in the last quarter of 2015 from 48 percent in Q3 2015. This may be due to new devices activated over the December holidays featuring biometric passcodes. Unfortunately, it still leaves nearly half of devices completely unprotected.
The report also found that users of iPhones and iPads are more protected because they are much more likely to have the most current version of their device’s operating system.
- At the end of 2015, 88 percent of iOS users had upgraded iOS 9, the most recent major version of the Apple mobile operating system.
- By contrast, only three percent of Android users were using Android 6.0 or “Marshmallow” at the end of the year.
- That leaves 97 percent of Android devices vulnerable to exploits targeting older versions.
Android upgrade adoption is complicated by carrier and device manufacturer release times. Despite its release in October, many Android users still don’t have access to a Marshmallow upgrade. In addition, enterprises often have conflicting policies or no policy at all on device upgrades. This can leave many devices vulnerable to threats, such as the Shared Cookie Store Bug, a vulnerability discovered by Skycure researchers several years ago, yet only addressed in the most recent version of iOS. Skycure also recently reported the discovery of Accessibility Clickjacking, a new type of Android malware that tricks users into giving away admin access to their devices and affects 65 percent of Android devices – a staggering number of half a billion mobile devices.
To learn more about how healthcare CISOs can secure mobile devices that access sensitive information, view the on-demand webinar featuring Jim Routh, CSO of Aetna at http://get.skycure.com/mobile-security-in-healthcare-webinar.
For details and to learn more about how Skycure Mobile Threat Defense protects organizations and prevents cyber attacks without compromising the mobile user experience or privacy, visit www.skycure.com.
About the Mobile Threat Intelligence Report
The Skycure Mobile Threat Intelligence Report reviews worldwide threat Intelligence data. Today’s report is based on millions of monthly security tests from October through December 2015 and includes both consumer devices and devices under management in enterprise organizations. Data includes Skycure’s proprietary Mobile Threat Risk Score, which acts as a credit score to measure the risk of threat exposure for mobile devices. For organizations, Skycure condenses millions of data points to calculate a risk score so that IT can quickly discern the state of the overall system and the risk to each device.
Skycure is a mobile threat defense company that detects and prevents cyber attacks without compromising the user’s privacy or mobile experience. Skycure’s predictive technology leverages massive crowd knowledge to proactively identify threats and secure mobile devices. Skycure’s founders, Adi Sharabani and Yair Amit, have identified some of the most-discussed mobile device vulnerabilities of the past few years. The company has offices in Silicon Valley, Tel Aviv, and Ottawa, and is backed by Pitango Venture Capital, Shasta Ventures, New York Life, Mike Weider, Peter McKay, and other strategic investors.
AquaLab PR for Skycure