Hack In The Box: System Vulnerabilities Can Leave Mobile Devices Exposed

System vulnerabilities are a major threat facing users and enterprises today, and these need to be remedied thoughtfully. Since these vulnerabilities don’t require social engineering schemes to become exposed, and because they have an alarmingly high success rate, they are also one of the easiest ways to attack Android and iOS devices.

The constant release of numerous security patches — which are never enough to keep users safe – leaves a number of different in-market versions of both operating systems. These patches get released after significant delays, allowing attackers to thrive on vulnerabilities from the moment they are discovered until they are finally fixed.

The longer it takes to issue a patch, the more successful the attackers are at targeting an ever-growing number of users. And as is often the case, by the time a patch makes it to market, attackers will already have found a new vulnerability to exploit.

Webinar: How to Keep Mobile Threats at Bay

Enabling and Securing iOS and Android in the Enterprise

Securing today’s powerful mobile devices and the data on them is critical for the enterprise, but more than half of decision makers in a recent IDC survey had security and compliance issues during mobility rollouts. Join guest presenter Rob Westervelt, research manager for security products at IDC and Michael Shaulov, head of mobility at Check Point to learn why it’s more important than ever to have security for iOS and Android that provides continuous mobile protection for apps, networks, and operating systems.

> Register for Americas Session

> Register for Europe Session

Android is especially sluggish in patching security flaws. In the past six months, patches were released between 2 and 5 months after vulnerabilities were disclosed. But that’s not the worst of it. Even after Google releases patches, many OEMs and carriers delay in distributing them, and users sometimes wait to install them. Furthermore, the vast majority of Android users are on older versions, some of which are not updated with security patches at all. According to Google, over 30% of Android devices won’t receive security patches leaving users exposed to attacks.

iOS was once thought of as a security safe haven, but this notion was shattered over the last year as an escalating number of vulnerabilities and security workarounds in iOS appeared. The number of iOS attacks doubled from 2014 to 2015, and this trend isn’t slowing down. Jailbreaks, which undermine Apple’s entire security paradigm, are released shortly after any new version is released. Moreover, attackers are using new tactics are used to bypass Apple’s guard by exposing inherent flaws in its design.

Clearly, both Android and iOS are not impenetrable to attackers. Cyber criminals are constantly looking for new, innovative vulnerabilities that allow them to achieve new malicious goals. They’re not deterred by new security obstacles but instead discover workarounds that allow them to reuse known vulnerabilities.

Mobile attacks can occur in the blink of the eye, so organizations need an agile solution that can keep up with attacks that continue growing in number and sophistication. These mobile security solutions should:

  • Analyze devices continuously to uncover vulnerabilities and suspicious behavior.
  • Deal with threats automatically by mitigating any risk until it can be eliminated.
  • Provide visibility into mobile vulnerabilities to reduce overall mobile attack surface.

To learn more about the major threats facing
mobile devices in the enterprise, read our

CISO’s Guide to Mobile Security.