Slow Security Patching Leaves Mobile Users Exposed to Rise in Network Attacks, Malware, and Vulnerabilities
Palo Alto, Calif. — March 23, 2017 – Skycure, the leader in mobile threat defense, today released the findings of its most recent mobile threat intelligence report. The fourth quarter report highlights the growth in mobile threats throughout 2016, including the susceptibility of mobile devices to attack. An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old. Six percent of devices run patches that are six or more months old. Without the most updated patches, these devices are susceptible to myriad of attacks, including rapidly rising network attacks and new malware, also detailed in the report. In tech city centers, Boston topped a list of tech cities with the largest growth in network incidents with a more than 960 percent increase. The report also found that common malware grew by more than 500% from the first quarter to the fourth quarter of 2016.
“Malware, network attacks and advanced exploitation campaigns many times depend on unpatched vulnerabilities to be successful,” said Yair Amit, co-founder and CTO of Skycure. “It’s essential that users and companies know the moment that a device is able to remove these risks to reduce the window of vulnerability. That’s why we built this capability directly into Skycure and why we have a focus so heavily on security research. The only way to beat the bad guys is to be one step ahead of them.”
Wireless Carriers and Vulnerabilities
A huge number of Android vulnerabilities were identified in 2016, rising to more than four times the number in 2015. Almost half of those vulnerabilities allowed excessive privileges, while others allowed other bad effects, like leakage of information, corrupted memory, or arbitrary code execution. Because carriers must make Android patches available to their users before they can patch their devices, Skycure analyzed devices on AT&T, MetroPCS, Sprint, T-Mobile, and Verizon to determine the age distribution of security patches on the leading carriers. According to the report:
- The most recent security patch released by Google has only been adopted by a very small percentage of the devices. Skycure reported that AT&T users were up to ten times more likely to have this latest patch installed.
- Among the five major US carriers, MetroPCS had the highest percentage of devices with patches more than three months old, making their devices the most susceptible to attack.
- Stand-alone protection above and beyond the integrated protections with the EMM
- Among all the major carriers, more than one-third of devices had patches more than three months old. Google releases Android security patches every month, meaning these devices are at least three patches behind, exposing vulnerabilities on these devices ripe for hackers.
Massive Increase in Network Incidents: Tech-center Focus
Skycure also tracked trends in network incidents over 2016. To highlight the rise in risk of network attack for mobile devices, Skycure analyzed network incidents in the major technology centers* of the US over the course of the year. The report found:
- The volume of incidents rose dramatically from the first quarter to the fourth quarter of 2016, ending Q4 with more than three times the number of incidents of Q1.
- Boston had the greatest increase in incidents throughout the year, reaching nearly 11 times the number of incidents from the first to fourth quarter, followed by Chicago, Raleigh-Durham, and Washington DC.
According to the Skycure report, malware has become a popular hacking tool because common types of malware are available for sale to anyone on the Internet. This means that even people with little technical skill can purchase malware and hack mobile devices. The Skycure report details and defines the most common types of malware, and found:
- The most common types of malware are: adware, hidden apps, potentially unwanted apps, riskware, spyware, and trojans.
- The number of these common types of malware grew by more than 500% from Q1 to Q4 of 2016.
- Among the common types of malware, hidden apps ended the year with the fastest growth in 2016.
For the full Skycure Mobile Threat Intelligence Report, go to: https://www.skycure.com/blog/mobile-threats-year-in-review/
Tips to Protect Your Mobile Device
Mobile threats increased substantially in 2016 and are expected to continue to rise. Skycure offers the following tips to keep mobile devices safe:
- Don’t click, install or connect to anything that you are not confident is safe.
- Always update to the latest security patch as soon as it is available for your device.
- Protect your device with a free mobile security app like Skycure – https://apps.skycure.com/
For details and to learn more about how Skycure Mobile Threat Defense protects organizations and prevents cyber attacks without compromising the mobile user experience or privacy, visit www.skycure.com.
About the Mobile Threat Intelligence Report
The quarterly Skycure Mobile Threat Intelligence Report reviews worldwide threat intelligence data. The information in today’s report is an analysis of millions of data points taken from Skycure’s global sensors, from January 1 through December 31, 2016, taken in quarters. Data includes Skycure’s proprietary Mobile Threat Risk Score, which acts as a credit score to measure the risk of threat exposure for mobile devices. For organizations, Skycure condenses millions of data points to calculate a risk score so that IT can quickly discern the state of the overall system and the risk to each device. Skycure analyzes more than a million apps and conducts hundreds of millions of tests on networks worldwide every year.
* The cities and metro areas analyzed were Austin, Boston, Chicago, Dallas, Denver, New York City, Portland, OR, Raleigh-Durham, Salt Lake City, San Francisco Bay Area, Seattle, and Washington DC.
Skycure is the leader in mobile threat defense. Skycure’s platform offers unparalleled depth of threat intelligence to predict, detect and protect against the broadest range of existing and unknown threats. Skycure’s predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence, in addition to both device- and server-based analysis, to proactively protect mobile devices from malware, network threats, and app/OS vulnerability exploits. Skycure Research Labs have identified some of the most-discussed mobile device vulnerabilities of the past few years, including App-in-the-Middle, Accessibility Clickjacking, No iOS Zone, Malicious Profiles, Invisible Malicious Profiles, WifiGate and LinkedOut. The company is backed by Foundation Capital, Shasta Ventures, Pitango Venture Capital, New York Life, Mike Weider, Peter McKay, Lane Bess, and other strategic investors.
AquaLab PR for Skycure