Report: Most Mobile Breaches Result of App Misconfigurations by 2017

Three-quarters of mobile security breaches will be the result of application misconfigurations by 2017, according to a new forecast by market research firm Gartner.

The company predicts that 2.2 billion smartphones and tablets will be sold to end users this year, yet security incidents stemming from mobile devices are still "rare."

"With the number of smartphones and tablets on the increase, and a decrease in traditional PC sales, attacks on mobile devices are maturing," according to a news release from the company. "By 2017, Gartner predicts that the focus of endpoint breaches will shift to tablets and smartphones."

"Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices," said Dionisio Zumerle, principal research analyst at Gartner, in a prepared statement. "A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices."

To do more severe damage via mobile devices, malware needs devices with administrator-level alterations, such as a jailbroken iPhone or a rooted android device.

Rooting and jailbreaking are usually performed deliberately by a device's owner because they allow access to resources that are usually inaccessible. But they also jeopardize data. "This is because they remove app-specific protections and the safe 'sandbox' provided by the operating system," according to information released by Gartner. "They can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions, including extraction of enterprise data. 'Rooted' or 'jailbroken' mobile devices also become prone to brute force attacks on passcodes."

To secure mobile devices Gartner recommends a mobile device management policy with baseline features including:

  • Require users to opt in to enterprise policies. If their devices are not in compliance, deny access or provide only very limited access;
  • Require length and complexity minimums for passcodes and strict retry and timeout standards;
  • Limit the versions of platforms and operating systems allowed to those that can be supported;
  • Do not allow jailbreaking, rooting or the use of third-party app stores. Disconnect any devices in violation from sources of business data and consider wiping them; and
  • "Require signed apps and certificates for access to business email, virtual private networks, Wi-Fi and shielded apps."

"We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device," said Zumerle.

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].

Featured

  • blue AI cloud connected to circuit lines, a server stack, and a shield with a padlock icon

    Report: AI Security Controls Lag Behind Adoption of AI Cloud Services

    According to a recent report from cybersecurity firm Wiz, nearly nine out of 10 organizations are already using AI services in the cloud — but fewer than one in seven have implemented AI-specific security controls.

  • stacks of glowing digital documents with circuit patterns and data streams

    Mistral AI Intros Advanced AI-Powered OCR

    French AI startup Mistral AI has announced Mistral OCR, an advanced optical character recognition (OCR) API designed to convert printed and scanned documents into digital files with "unprecedented accuracy."

  • robot waving

    Copilot Updates Aim to Personalize AI

    Microsoft has introduced a range of updates to its Copilot platform, marking a new phase in its effort to deliver what it calls a "true AI companion" that adapts to individual users' needs, preferences and routines.

  • teenager interacts with a chatbot on a computer screen

    Character.AI Rolls Out New Parental Insights Feature Amid Safety Concerns

    Chatbot platform Character.AI has introduced a new Parental Insights feature aimed at giving parents a window into their children's activity on the platform. The feature allows users under 18 to share a weekly report of their chatbot interactions directly with a parent's e-mail address.