Safety risks are on all mobile devices, but it applies to Android more than others because of its open nature, slow distribution of updates and absence appropriate prohibitions applications.
Android and iOS operating systems dominate the mobile devices market. No device cannot be called completely protected, but Android is greater popular with the creators of viruses and causes great problems in the corporate segment.
Android devices in recent years are increasingly used in enterprises, so companies need strategies for minimizing risks, J. Gold Associates research company believes.
Analyst Jack Gold argues that since Android is an open operating system, everyone can look inside. The same can not be done on iOS. For example, developers from the company LG can sell smartphones with modified versions of Android. If you make errors when making changes in Android, vulnerabilities may appear. These vulnerabilities will not remain unnoticed.
Even if the developer makes a small change in the operation of applications on Android, a hole in the security system may appear. If you simply change the appearance and behavior of the messenger, we can simultaneously add vulnerability into it. This is the problem of the open code, which will never be detected without testing.
Apple iOS system is significantly more limited. It does not give third-party developers of such broad opportunities and Apple does not show the source code of the system. Smartphones iPhone and iPad tablets compared to Android devices more difficult to hack. Apple imposes various limitations and periodically checks whether the system is hacked on your device. As Apple controls hardware and software, the company has the ability to strengthen safety.
Partly Android has become a victim of its success. The cumulative share of Android and iOS is 94%, the study of Forrester Research. Android accounts for 73%, in 2016 the system had 1.8 billion users. This year, a share of 74% is predicted, while Apple has 21%, and Windows Phone has only 4%.
When Android is under a blow, it is more vulnerable because it has more devices and more people. Another problem is the small distribution of the latest version of Android on active devices. Updates receive not all users, unlike Apple devices.
Enterprises often develop their own applications, which also creates vulnerabilities in the system code. Apps today are rarely writing from scratch, especially when this happens outside the divisions of the company's development. Developers typically use online libraries with open source components. These pieces of code work as building blocks for assembling custom mobile applications. These blocks can be modified, but they may contain vulnerabilities.
Mobile threat detection level Hrielyward
According to the Internet Security Threat Report Report from Symantec, the level of threat detection on mobile devices in 2016 has grown Twice and amounted to 18.4 million samples of aquifer. Such threats were observed in 2015, and in just the last two years, 5% of devices were target for infection.
According to Symantec, from 2014 to 2016, the level of vulnerabilities on iOS remained almost unchanged. The number of new marriages of malicious programs on Android has decreased significantly, from 46 in 2014 to 18 in 2015 and only 4 in 2016, but the system remains the main goal of mobile attacks.
The cumulative amount of malicious Android applications in 2016 increased by 105%, but in 2015 this growth was even more and amounted to 152%.
Mobile malicious threats are grouped by "families" and "variants". Malicious family is a collection of threats with similar types of attacks. In 2014, there were only 277 families of malicious applications, in 2015 the value increased to 295, in 2016 to 299. The number grows slowly, but the total number of threats remains significant.
However, these numbers do not give full pattern. The number of malicious options that are trying to engage found vulnerabilities, much more, what Gold wrote last year in the work of Android in the corporate environment.
Options are modifications that Hackers contribute to malicious code, their number can be calculated by thousands. For example, last year there were 59 options for 18 new families of malicious applications, which means more than 1000 new mobile malicious options, according to Symantec. Malicious mobile versions for each family in 2016 increased more than a quarter, in 2015 the growth was 30%.
This is a serious problem. Organizations where employees bring their own devices, there is no choice. They do not know there, the last and most secure version of the operating system are installed on the devices or not. Rarely there are cases when organizations are followed by this and allow the work of only updated devices.
Since in 2016 there were fewer new malicious families, but more options, Symantec concludes that attackers prefer the revision and modifications of existing families instead of creating new ones.
Attacks occur on iOS
Although attacks on the Apple iOS system occur infrequently, three vulnerabilities of the zero day were involved in targeted attacks on smartphones infection Malicious program Pegasus in 2016. This is a spyware, which can provide access to correspondence, calls and emails. It is also capable of collecting information from devices, from applications, such as Gmail, Facebook, Skype and WhatsApp.
For the attack, it was necessary to send a reference to the victim's device through text messages. If you click on this link on a hacked device, Pegasus made his way to the device and started collecting data.
A vulnerability is used as part of the Safari WebKit framework, information leakage in the system kernel and the problem with damage to the kernel memory, which can lead to a hacking device.
Infection of just one mobile device in the network of an enterprise can cost him an average of $ 9485, according to the Ponemon Institute's report. The potential financial consequences of the hacker hacking of the employee's mobile device with the alarm of data on the entrance and confidential information of the company can be even higher. Investigation, deterrence and elimination cost an average of $ 21042.
Survey 588 system administrators Institute Ponemon in February 2016.
Most attacks on mobile devices are associated with thefts of confidential information, such As contact lists, attempts to send text messages or launching the "Failure to maintain" attacks. Attacks of extortioners with encryption of files were still rare, but taking into account their distribution to the PC should not relax.
Users on smartphones are usually stored important data for them. If something happens to the device, they may have problems whose scale in enterprises even higher.
Among the new vectors of Malicious Applications android attacks is most often confident of Symantec. A noticeable change was in 2016: Android bypassed IOS by the number of vulnerabilities found, whereas in previous years IOS leaded with a significant advantage.
Partly, this is due to the improvement of Android architecture protection mechanisms and the growth of the interests of researchers to mobile platforms, the report says. After the explosive 2015, serious improvements in the Android architecture, much complicated the process of infection of the system and retrieving benefit from infection.
William Rofen from IDC in the field of mobile research believes that Google in recent years has made agreed steps to receive control over Android compared with the early period when everyone could make changes to the source code.
For example, Google now manages the source code to ensure that application developers and device manufacturers passed compatibility tests. The new version Android O may not be as open as previous. Stophegn claims that the source code can be closed, which makes it difficult to break the system. Large progress was made, but there is still something to work on.
Manufacturers of smartphones and Android tablets, such as samsung, also enhance safety. SAMSUNG KNOX security application provides the container operation and shares personal and working data using the creation of a virtual environment inside Android with your own home screen, bootloader, applications and widgets.
KNOX creates a container to access only authorized personnel. All files and data, emails, contacts and browsers are encrypted inside the container.
KNOX also allows users to safely add applications to My Knox Container through the Google Play store. Finding into the container, applications use KNOX security mechanisms.
More and more companies in their activities use mobile devices, so it is used to conflict with malicious software: a fairly simple method is used: regular update Applications and systems. Unfortunately, on Android, the question of updates is far from simple.
Organizations with the use of personal devices at work is difficult to force employees to update them. Even when applying the working devices, the update may be a problem and cause user rejection. Despite this, it is imperative to establish security updates immediately after their release.
Companies should be avoided by the "mobile" security strategy. They should have a comprehensive information security strategy and mobile should be part of it. If you try to do something unique on mobile devices, it may not approach the rest of the company's devices, such as PC. If a comprehensive security policy is applied, you can do everything you need in a mobile strategy if it complies with this policy.
For example, companies begin to use encryption on mobile devices to protect their data, but do not encrypt them on personal computers. Conversely, if companies use two-factor authorization on computers to access corporate applications, they must do the same on mobile devices. First you need to optimize security policies, and then deal with what can be done on separate devices.
Specialists recommend enterprises to update software on corporate mobile devices and regularly release alerts for employees so that they do the same on their devices. It is important to remind workers about the danger of downloading applications from unknown sources.
Symantec recommends that system administrators pay close attention to permissions that are asked for mobile applications. They can be an indicator of malicious activity. Mobile mobile devices companies must make sure that these devices have extended corporate applications. Google satisfies the needs of many customers on Android using corporate updates that are known as Android At Work. Mobile devices with Android At Work offer divided jobs and profiles that allow us to separate workers and personal data.
Some new mobile threats possess the properties of rootkits and are able to make changes to the operating system to obtain administrator rights in corporate systems. Enterprises must install software for detecting the root of mobile devices or immediately acquire devices where such software is initially established. This will make it possible to check the low-level code that runs on the device, which will allow you to block the execution of the root or replace the damaged operating system.
Device manufacturers can play a key role in improving the safety of smartphones and tablets. Some of them do not release system updates for many months. For enterprises, it must be a signal that the devices of this manufacturer are better not to use.
Although the addition of safety mechanisms to mobile devices is recommended, even more important to adhere to safe approaches to work. It is necessary to train employees how to work on the Internet: do not download applications from unknown stores and sites, do not move on suspicious links and do not open unexpected investments in messages and emails.