75% of Mobile Security Breaches Due to Misconfiguration

News Article - Thursday, 29 May 2014 12:33

By: Kerry Butters Category: Security

According to analysts at Gartner, 75% of all mobile security breaches in the enterprise are due to the misconfiguration of mobile apps.

This is a worrying statistic, not least because the analysts believe that by 2017 the focus will shift for attackers from PCs onto mobile and tablet devices as attacks on mobile devices continue to "mature”. In order for an attack to do any "significant damage” to a mobile device, it must have been altered at an administrative level.

"The most obvious platform compromises of this nature are 'jailbreaking' on iOS or 'rooting' on Android devices. They escalate the user's privileges on the device, effectively turning a user into an administrator," said Dionisio Zumerle , principal research analyst at Gartner.

He also pointed out that a classic example of misuse at app level is due to the use of apps such as those that offer personal cloud services, which when used in the enterprise to share data leaks information in such a way that the organisation remains unaware of any breach.

The practice of jailbreaking, which is more often than not performed deliberately by users, means that app-specific protection is lost. It also means that there is a bigger danger of malware being downloaded to the device, potentially opening it up to all kinds of malicious activity.

Jailbroken devices are also much more vulnerable to brute force attacks on passcodes. To overcome this, Gartner recommend that firms use an enterprise MDM solution and put strong policies in place for employees on a BYOD scheme.

Users should then further be asked to opt in to enterprise policies and firms should be prepared to revoke access to those that don’t comply. It should also be required that users put in place passcodes that vary in length and complexity as well as use a specified minimum and maximum version of platforms and OS.

It’s also recommended that firms implement a no jailbreaking/rooting policy for those participating in a BYOD scheme.

"We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device," said Mr. Zumerle.

The issue will be explored in more depth by Mr Zumerle at the upcoming Gartner IT Infrastructure & Operations Management Summit 2014, June 2-3 in Berlin, Germany. For more information on the summit, visit the website here .

Recent Articles