Marble Mobile Security Labs Report: Apple iOS and Android Mobile Devices Equally Vulnerable to Attacks
SUNNYVALE, Calif. – June 17, 2014 – Analysis of vulnerability to 14 leading mobile security threats shows that the Apple iOS and Android mobile operating systems are comparably risky but expose users to different threats, according to research by Marble's Mobile Security Lab. Another key finding based on the analysis of 1.2 million iOS and Android apps, as reported in Marble Labs Mobile Threat Report, June 2014, is that gaming and news apps on iOS devices present significantly greater mobile security risks than other app categories on that platform.
"Enterprise security managers need to know that Apple's vaunted iOS mobile security reputation hinges on its app distribution control, not on any inherent superiority of its operating system," said Marble Security Founder and CTO David Jevans. "We broke it down in our labs against 14 leading attack vectors for mobile devices, and aside from their app distribution control, iOS and Android are equally at risk to the mobile security threatscape facing the enterprise. The take away for network security managers is you cannot take iOS device security on faith and allow those users unfettered access to corporate resources."
Other key findings about iOS in the research report include:
- The attack surface of both platforms is not markedly different, as attackers have found ways to publish malicious apps, or to attack mobile users, over SMS or through compromised Wi-Fi hotspots on both platforms
- There is no significant difference in the risk of jailbreaking iOS versus rooting Android devices; "jailbreak jammer" apps on both platforms can prevent detection by mobile device management (MDM) systems, and new versions are rapidly brought to market following releases of either mobile operating platform and the leading MDM systems (Marble Labs first announced the risk of jailbreak jammers in December 2013)
- The threats are different between the two platforms; for example, new iOS threats such as hostile configuration profiles, unencrypted email attachments and backup hijacking can open very effective attack opportunities for hackers
- iOS apps, like Android's, routinely require privacy-risky permissions like reading contacts, email messages and text messages; once uploaded to the app provider, this data is no longer controlled by the mobile device or the enterprise and represents a significant potential threat to security
More information on the findings and methodology of the Marble Labs research is available online in the final report: Marble Labs Mobile Threat Report, June 2014.
Enterprise network and mobile security managers interested in learning more about how Marble Security's App Risk Mitigation and Mobile Risk Scoring can enhance enterprise mobile security with defense in depth can learn more at www.marblesecurity.com.
About Marble Security Labs
Marble Security Labs dedicates resources to discover and track rapidly evolving mobile security threats facing enterprises and their workers. The research supports the Marble mobile security platform, which actively scans mobile devices and has built-in dynamic security analysis, detection and prevention against mobile security threats. Marble Security Labs currently focus on five critical threats: jailbreak/jammer – detection and protection; dynamic app analysis of behavior; static app analysis; poisoned and malicious DNS; and phishing site detection. Resources from Marble Security Labs include podcasts on mobile security, the Marble Security blog and Marble ThreatWatch, delivering the latest news, commentary and strategies for mobile security.
About Marble Security
Marble Security prevents mobile threats from compromising enterprise networks by layering mobile defense in depth. Marble's cloud service delivers app risk mitigation, secure messaging and trusted networking to protect smartphones and tablet network communications. The Marble Mobile Risk Score© (MMRS) is the world's most comprehensive mobile security scoring metric, uniquely factoring the risk of each device's behavior, individual apps and network communication patterns. Marble's customers protect and secure more than 1 million individual users in the healthcare and financial services sectors.