Today’s Mobile Threat Landscape
Real People, Compromised Devices, Insecure Infrastructure
Mission: Critical Mobile
Unusually for such a world changing event we can pinpoint the exact moment when the smartphone revolution began. It was at 9:47am Pacific Standard Time on 9 January 2007 that Steve Jobs unveiled the iPhone. To industry veterans such as Nokia or Blackberry the fact that it didn’t have 3G radio meant that it wasn’t really a smartphone at all.
But for Apple fanboys it was the moment they had long been waiting for. Today it’s clear that the product launched that day profoundly altered the very fabric of day-today life in a thousand ways. It’s created Uber and countless other parts of the ‘ondemand economy.’ It has played a critical role in political revolutions (the Arab Spring and Hong Kong’s pro-democracy movement) and revolutionized dating (think Tinder). It’s accelerated the pace of business and created the 24 hour news cycle.
Unquestionably, because of the smartphone, we have become the first generation in human history to live 24×7 always-on, always connected lives. The impact on our work experience has been no less profound. It started with email: how did we ever survive without our inbox at our fingertips. It extended to the full range of digital workplace tools including calendaring, conferencing and file sharing. Now it is being used to re-shape the way business is conducted from kiosk based banking, to onsite invoicing, to on-demand logistics. Today we live in the era of mission critical mobile.
Smartphones and tablets now account for over 60% of all smart connected consumer devices, up from 17% in 2008
Mobile Security in Perspective
Today, as more and more critical functions migrate to mobile it seems timely to take stock of where we stand as an industry and to provide guidance on the critical threats and vulnerabilities which we face today.
In the ten years since the launch of the iPhone we have learned much about ensuring the integrity and confidentiality of information stored and processed on mobile devices. Apple and Google have made much progress in making iOS and Android appropriate for use in enterprise environments.
It’s clear that the architecture of both the Android and iOS operating systems have helped them avoid many of the security issues which have plagued Windows. Application segregation, in particular, has made it far more difficult for malware to successfully exploit mobile devices. This is because each separate piece of software (‘app’) operates independently and access to data belonging to another app is highly restricted.
In addition apps do not have the kind of administrator privileges which would allow unfettered access to device data and functions. Instead end-users act as administrators of their own devices and are responsible for deciding whether apps have access to specific types of data (e.g. contacts, photos) or functions (camera, location services).
While such end-user control can be a doubleedged sword, Enterprise Mobility Management (EMM) systems can compensate for this. In these circumstances more stringent controls can be imposed and an end-user’s ability to inadvertently compromise a device can be reduced.
Both Apple and Google have shown themselves committed to addressing security issues in a timely fashion. Apple in particular is in the enviable position of having circa 90% of its devices on the last OS version.
The app store software distribution model is another major security enhancement. In Apple’s case software can only ever (except in limited edge case circumstances such as enterprise distribution) be downloaded to an iOS phone via the App Store. Apps submitted to the App Store are subject to stringent vetting. Malicious apps which do make their way through the process are quickly removed once identified. While Android has also adopted the app store distribution model is continues to allow non Play Store downloads. In addition, Android is inherently more open and as a result the opportunities to introduce malicious code are greater. As a result Android suffers from a non trivial rate of malware infection.
To keep reading dowload the full whitepaper