For years now, PCs and laptops have required antivirus software to be installed from day one. As the world transitions to mobile IT, many companies have assumed that legacy IT practices will suffice for the mobile era. For many reasons, this is not the case. Phones and tablets can operate beyond the organisation’s LAN, and connect through various routes, many of which can be compromised to intercept and even alter data before it reaches the intended target. Each mobile platform can be attacked differently, and companies with multiple mobile OSs should be aware of the threats facing each device type, and how to mitigate these threats in order to maintain data security.
Android was designed to allow users and developers as much access as possible to the underlying system, and can therefore be rooted with relative ease. Most Android phones have the option to allow users to download apps from 3rd party app stores. Apps uploaded to Google’s Play Store are vetted by “Bouncer” (a scanning service that detects malicious apps). However, as we’ve seen since 2012, many malicious apps have managed to get past Bouncer by linking to a malware payload rather than containing one. Once devices access 3rd party app stores, it is difficult to ensure that the apps are safe for use, which would certainly render the device unfit for work.
While viruses do exist for Android, most malware comes from malicious websites and 3rd party app stores, and can be easily prevented by blocking access to these stores and checking the reputation of the apps that are installed on the devices.
iOS devices cannot install apps from 3rd party app stores unless jailbroken (which is easily detected by most security tools), or unless the app is being pushed from software which has installed a management profile on the device. iOS also prevents apps from talking to each other without any intervention from the user by sandboxing the apps, which makes it difficult for viruses to spread. However, users can be tricked into installing malicious profiles; there have been instances where legitimate apps had malicious code injected into them before they were uploaded into the App Store.
While Windows Phones currently represent a lower market share than the other mobile OS platforms, reports in 2015 stated that Windows Phones were the targets of 80% of mobile malware.
A New Threat Landscape
Many of the threats facing mobile users today come from far simpler sources than we have become used to with traditional IT platforms. As SDKs for app development are available to anyone, and app development becomes more accessible than ever before, it is now possible for inexperienced developers to get apps published with relative ease. If the app isn’t deemed to perform a malicious function, chances are that it will make its way into the app stores. Many of these apps can transmit user information in unencrypted formats. With so many of us using public Wi-Fi when on the move, such information is easily intercepted, and it potentially puts the user and their company at risk for data leakage.
People who want to steal user information no longer need to find their way through firewalls and hack passwords. It is far simpler to create a seemingly innocuous app with excessive permissions. Users will often allow apps access to their contacts and device storage without examining the implications of these actions. Flashlight apps are notorious for this, but many other apps can request permission to access data that is not relevant to their function, and all that’s required is a single tap from a careless user to grant this permission.
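The check an administrator can run against an app's decoded AndroidManifest.xml to spot the two problems described above (permissions unrelated to the app's function, and cleartext traffic) is sketched below as an added example, not code from the original article. The sample manifest is constructed, and the EXPECTED and SENSITIVE policy sets are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed policy: permissions an app of a given function plausibly needs.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
}

# Permissions that expose personal or corporate data (subset chosen for this example).
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
}

# Constructed sample: a flashlight app that also asks for contacts and storage.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Torch" android:usesCleartextTraffic="true"/>
</manifest>"""

def audit_manifest(manifest_xml, app_function):
    """Return sensitive permissions outside the app's expected set, plus cleartext status."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    requested.discard(None)
    allowed = EXPECTED.get(app_function, set())
    excessive = sorted((requested & SENSITIVE) - allowed)
    # Only an explicit "true" is flagged; when the attribute is absent the
    # platform default depends on the app's target API level.
    app = root.find("application")
    cleartext = app is not None and app.get(ANDROID_NS + "usesCleartextTraffic") == "true"
    # Network access combined with unrelated sensitive data is the leakage risk.
    can_exfiltrate = "android.permission.INTERNET" in requested and bool(excessive)
    return {"package": root.get("package"), "excessive": excessive,
            "cleartext_allowed": cleartext, "can_exfiltrate": can_exfiltrate}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST, "flashlight"))
```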
For those hackers who do not wish to develop apps, capturing data in transit through rogue Wi-Fi hotspots and Man-In-The-Middle (MitM) attacks is an alternative. This involves intercepting traffic on the way to and from the mobile device. Outbound unencrypted data such as usernames, passwords, credit card numbers etc. can be intercepted and stored, and incoming traffic can be altered to allow the hacker further access to personal information by convincing the user to accept malicious payloads from what they believe to be trusted sites.
Antivirus is of little use against the new threat landscape, but it is not all bad news. Solutions are now available that can monitor outgoing traffic, detect MitM attacks, and even allow administrators to see the reputation and details of all of the apps on their mobile estate. User education is also of vital importance, but can never be assumed or relied upon. Contact us today to find out more information about Mobile Threat Prevention solutions.