Mobile Innovation Has Become An OS Nightmare
There’s been more mobile operating system innovation in 2017 than any year since the smartphone was brought to the enterprise, but with advancements in technology come inherent risks in security. And the world’s two largest mobile OS creators, while pushing the ball forward, have opened their users to a new world of threat vectors and hacking capabilities.
And who does this impact the most? The enterprise workforce, of course. Why? Gaining access to a single mobile device connected to a Fortune 500 company’s data spells complete disaster.
Arguably 2017’s biggest tech announcement came from Apple, which released its iPhone 8, iPhone 8 Plus, and the iPhone X, all carrying the iOS 11 platform. While the new system’s capabilities were quickly adopted by the masses, and companies utilizing Apple mobile devices were on board from the Beta stage, the upgrades still created massive vulnerabilities.
One of those was the inability to turn off the OS’s Bluetooth and Wi-Fi connectivity for periods of time the way it was done in previous versions. In iOS 11, users could swipe up for the control center and turn off those functions, but they’d automatically reconnect when the user entered a new location or service area with connectivity capabilities. This, for a mobile user not constantly checking in and out of their settings, becomes a nightmarish possibility.
Considering Apple’s long time, seemingly ironclad operating system showed a kink in the armor in August 2016, when a Middle Eastern humanitarian received a smishing text that, if accessed, would have turned his iPhone into a spying device, hackers have been gaining steam on iOS and its possible entry points, especially with enterprise users.
So this means anyone with an Apple device running iOS 11 is subject to a Wi-Fi infiltrated hack, not necessarily due to human error, but because of innovation oversight. In October, a new “KRACK Attack” was found, which could target any – ANY – Wi-Fi enabled device, regardless of operating system.
But with cracks in the landscape that spur new hacker threats come security innovations, and Apple knows it needs to keep on point.
“Apple continues to augment the layered security elements in iOS which has made the platform impenetrable and (even) has authorities asking for help when they need to (get into) devices,” said Eric Klein, Mobile Analyst with VDC Research. “The key for both Apple and Google is the ability offer a high level of security without compromising the user experience. While Apple’s use of hardware-level AES-256 cryptography to provide full-disk encryption and fast remote wipe capability is well known, Apple has also implemented important features around sandboxing (applications are limited in where they can write data and are prevented from accessing data or code from other applications) – to share information with other applications, developers need to communicate through iOS APIs or services. Apple also (finally) enhanced the passcode protection element in iOS, moving to a six-digit passcode as a substitute for Touch ID.”
As previously reported by Enterprise Mobility Exchange, the world’s largest mobile operating system has also become its least secure. It’s not a good look for Google’s Android platform, where most of its infections and threats are coming through its app store, Google Play – which doesn’t have the stringent guidelines of approval that Apple does.
In the last 12 months, 68.5% of infected mobile devices ran an Android operating system, while just 3.5% ran iOS (all variations).
See related: The Most Widespread OS Is The Least Secure
Constantly updating its myriad of operating system variations, Android is self-policing, and announced a massive patch effort for the month of December.
“All supported Google devices will receive an update to the 2017-12-05 patch level,” the company wrote on Dec. 4. “We encourage all customers to accept these updates to their devices. In addition to the security vulnerabilities described in the December 2017 Android Security Bulletin, Pixel and Nexus devices also contain patches for the security vulnerabilities … Partners were notified of these issues at least a month ago and may choose to incorporate them as part of their device updates.”
As IT administrators know, leaving these responsibilities to employees is essentially asking for non-compliance, hence the need for mobile device management solutions or enterprise mobility management suites so the IT team can simply push a patch or update to thousands of devices in a single move.
But Android’s inherent security is getting better, and giving peace of mind to enterprises deploying that operating system.
“As for Android, the platform now includes SELinux enforcement for all applications, which ultimately reduces the effects of malware,” Klein said. “Device protection mechanisms have also been improved, and can help to keep a device locked even if it’s factory reset – features like this are important for enterprise use as they add an extra layer of security to lost or stolen phones, similar to the reactivation lock features found on Samsung and Apple devices.”
If the most widely used operating systems in the world have inherent vulnerabilities, how are enterprises supposed to secure their workers and data? Sadly, the full scope of companies with mobile capabilities admit they aren’t prepared.
In a surveyed report conducted earlier this year from Dimensional Research, key findings showed IT professionals were woefully unprepared. The survey showed 64% of respondents are “doubtful their organizations can prevent a mobile cyberattack,” and more than one-third of companies “fail to adequately secure mobile devices.”
What’s worse is that this information is coming despite organizations already falling prey to these issues. Twenty-percent of companies’ mobile devices have already been breached, and 24% don’t know whether or not they experienced a breach, respondents said.
“CIOs and IT administrators must pay attention to the native security features of iOS and Android as they continue to evolve,” Klein said. “Compliance intensive organizations have no choice in the matter.”
What’s your team doing to keep up with the ever-changing mobile operating system landscape? How is the enterprise kept secure from hackers who are in step with every upgrade and innovation?