iTWire ran a name and shame article with Wandera identifying 26 UK/Europe/US/Canada/ROW companies that could leak data.
Its quarterly threat report is even more illuminating and covers data use as well as vulnerabilities. Highlights include:
- 900 new spam hosts
- 300 new variants of password leaking apps/websites (see iTWire article here)
- New app password leaks – 5x more on iPhone than Samsung
- 11% of its customers have been exposed to password leaking apps
- Among major customers, iOS 9.x users are using 20-30% more data since the update from iOS 8
- Only 1% of customers have devices with an outdated OS (down from 4% last quarter)
- Email accounts for 25% of data when roaming compared to 13% domestically
Wandera looks at mobile threat prevention, compliance (enterprise connections and unapproved usage) and data cost management.
Its report shows the major threats faced by enterprise mobile use – these are for the main part applicable to consumer use.
It’s a corporate phone – but its use is personal.
The top fifteen sites visited seldom include the company’s web site.
iOS can use 20-30% more data
iOS 9 has Wi-Fi Assist, a feature that automatically connects devices to cellular networks when Wi-Fi signal is lost. While this automatic switch sounds convenient, it means the user may not be aware of the corresponding data costs incurred.
Within two weeks of iOS 9 being launched, 50 of its major enterprise customers reported that iOS 9 users were using 20-30% more data since the update from iOS 8. In several instances this appears to be caused by the automatic activation of Wi-Fi Assist in locations where corporate Wi-Fi was available but it was overloaded or patchy. This is concerning for businesses that may be incurring unnecessary mobile costs while their employees are at their desks.
Surprisingly iOS is more vulnerable than Samsung’s version of Android
Despite Android’s reputation as a less secure platform, this quarter we’ve actually seen five times more new app leaks on iPhone than Samsung. One new app leak in particular was filed by its Threat Research Team as ‘high impact’, leaking users’ emails and passwords on both iOS and Android versions.
The Italian newspaper app Correiere della Sera has between 100,000 and 500,000 users globally. Unfortunately, seven out of ten people use the same login details for multiple accounts, increasing the potential impact of this type of threat.
It recommends using unique login details for apps that request sensitive information (such as banking apps), and avoiding the use of these apps when connected to public Wi-Fi hotspots where risk of Man-in-the-Middle attack is highest.
When iOS jailbreak does not matter
It's Threat Research Team found numerous new incidences of the mobile threat, Semi Jailbreak (SemiJB), which allows users to install applications, games and themes using the SemiJB Cydia appstore, where apps may not have undergone the standard Apple vetting processes. SemiJB was detected in 10 US and UK enterprises on its network.
There are several security implications for the corporation when employees use SemiJB devices. Unverified apps from unknown developers can be downloaded onto the device and allowed onto the corporate network, user privacy can be compromised, and apps built with weak security increase the risk of sensitive data leakage. A Man-in-the-Middle attack has the highest likelihood.
XCodeGhost still haunts iOS
XcodeGhost remains a severe threat to iOS devices. It is malicious code, which is inserted into iOS applications using a rogue version of Apple’s own Xcode, allowing the hacker to steal valuable data from the infected device. Following the discovery of the thousands of compromised apps in the Chinese Apple App Store, its Threat Research Team identified 36 different infected apps installed on thousands of enterprise devices.
Versions of popular applications including WeChat, WinZip, PDF Reader and CamScanner were found to incorporate the malicious code. This incident proves what security researchers have known for some time: that just like other mobile platforms, Apple devices remain vulnerable to the rise of sophisticated mobile malware attacks. In fact, this quarter we found that Apple devices are twice as likely to encounter mobile threats than Samsung devices.
How data is used
iCloud accounts for 1% of all cellular data - a fairly significant proportion. When roaming, email accounts for 25% of data used but this drops to 13% when at home. Similarly, mapping software is used almost twice as much when employees are abroad. But overall it seems users are becoming more careful with their roaming data usage – for example video is the most popular use of data and accounts for 17% of data domestically but this falls to a more prudent 5% when employees are roaming.