Android malware growing, iOS devices increasingly at risk
Of those, 18% were in categories with potentially sensitive data, including finance, medical, communication, shopping, health, and productivity. Additional research conducted in the second half of 2013 found a 500% increase in the number of Android apps designed to steal financial data.
"Today, mobile apps represent a significant threat vector for enterprises," said Manish Gupta, senior vice president of products at FireEye.
"Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device. Our findings highlight the threat apps pose and why enterprises must implement a mobile security policy that focuses on applications."
The report identifies a new delivery channel for iOS malware that bypasses the Apple App Store review process. Attackers can take advantage of enterprise/ad-hoc provisioning to deliver malicious apps to end users, either through USB connections or over the air. FireEye researchers found more than 1,400 iOS apps publicly available on the Internet introducing variants of security issues, signed and distributed using enterprise provisioning profiles.
FireEye's analysis indicates that mobile users face risks on many fronts today including: malicious apps that steal information once installed; legitimate apps written insecurely by developers; legitimate apps using insecure or aggressive ad libraries; malware/aggressive adware that pass Google Play checks and are thus assumed safe; identity theft; and premium rate phone and SMS fraud.