Posted March 10, 2016
Today’s post is an excerpt of findings from our new white paper “Mobile Security Threat Landscape: Recent Trends and 2016 Outlook” where we discuss some of the top cyber threats from 2015 as well as an outlook for 2016 mobile security.
As more people turn to their phones and other mobile devices, mobile applications are becoming a primary portal for interacting online. However, the more invested we become in mobility, the more we open ourselves up to new forms of intrusions from malicious actors.
As we move through 2016, here is what we see as the top threats to the mobile security landscape this year.
The hacking of everything
The Internet of Things (IoT) – interconnected devices that can communicate without human control – is growing, and fast. Analyst firm Gartner estimates that there will be almost 21 billion IoT devices by 2020, and market research firm IDC predicts there will be 30 billion by that date. While the convenience factor of IoT is great, the reality is that threat actors are taking advantage of all these newly connected devices and hacking anything and everything connected to the Internet.
Apple devices will be hackers’ prime targets
In 2015, stories about new vulnerabilities found in Android devices dominated mobile hacking news. However, as more people begin to use iOS devices in 2016, we expect hackers to expand their focus to target Mac OS X and iOS platforms. Since the App Store’s launch, Apple has touted strong security. Now, as hackers become more sophisticated, we are seeing more malware and vulnerabilities in Apple’s devices. Reports indicate that 2015 was the “most prolific year for Mac malware in history” with five times more malware instances than in 2010-2014 combined. Mac OS X and iOS also registered the most disclosed vulnerabilities in 2015, with OS X having 384 security flaws and iOS having 375. One piece of malware in particular, XcodeGhost, infected as many as 4,000 apps and compromised passwords and devices’ name, type, and universally unique identifier (UUID).
More mobile payment system vulnerabilities
In 2015, Apple Pay, Samsung Pay, and Android Pay continued to increase their footholds in the market as consumers looked to their smartphones as a means of payment. Many of these payment systems, Apple Pay and Android Pay in particular, are reliant on near field communication (NFC) technologies – a short-range communication system that uses near field (NF) wireless to connect compatible NF technologies together and exchange information without the need for an Internet connection. Nevertheless, the hype around mobile payment systems has brought to light consumer concern about the potential security ramifications of systems using NFC technologies.
Additionally, we provide a high-level overview of the current encryption debate.
Exploring the encryption debate
There has been substantial discussion with regard to tech companies being legally required to provide law enforcement with backdoors to access encrypted data. Events like the 2015 Paris terrorist attacks, where the attackers reportedly used “end-to-end” encryption to communicate through instant messaging services like WhatsApp and Telegram, have further emboldened calls for the companies that own the proprietary encryption software that drives these apps to voluntarily cooperate with law enforcement. However, end-to-end encryption, which protects data-in-transit (sometimes known as data-in-motion), is only one part of the problem facing law enforcement’s access to encrypted data.
To read more about each of these trends, download our white paper, “Mobile Security Threat Landscape: Recent Trends and 2016 Outlook” here.