The world’s top companies use wandera Learn Why Try Wandera for Free

Mobile vulnerabilities: the culprits your business needs to know about

Mobile vulnerabilities: the culprits your business needs to know about

1400 963 Michelle Base-Bursey

Threats. Risks. Attacks. Vulnerabilities. Think they’re all one in the same? Think again.

Of course, these are all things you’d like for your organization to avoid, but differentiating between them is key to understanding how your business could ultimately come under attack.

Vulnerabilities are known as the ‘lurking culprits’ within your mobile fleet. You would likely never know they were there until one was specifically exploited. These weak points are flaws in OSs that third parties exploit in order to gain access to devices and the valuable data they contain.

Understandably, It’s not always practical or realistic to make sure every single device in your fleet is on the latest OS – but not all outdated versions pose the same risk.

A new report from Wandera delves into the world of mobile vulnerabilities, focusing on their prevalence and severity over the past five years. The analysis also provides a practical guide for admins, including a threat score for the most common OSs running within Wandera’s global network of devices.

Download the full report

Mobile vulnerabilities by type

It’s vital to understand that there many different types of vulnerabilities that have the ability to affect mobile devices in varying ways. The official database of Common Vulnerabilities and Exposures (CVE) breaks vulnerabilities out into seven distinct categories:

Denial of Service (DoS)

A Denial of Service vulnerability is a weakness in the OS that makes the device susceptible to a DoS attack. DoS attacks are primarily focused on making a resource unable to function properly. DoS of vulnerabilities usually results in a mobile device being used as a ‘bot’ to perpetuate larger Distributed Denial of Service attacks.

Code execution

A code execution vulnerability is one that allows a hacker to arbitrarily execute code on a device. This code usually results in some command being carried out on the affected phone such as, a malware-ridden app being downloaded or data being sent to a malicious third party server.

vulnerabilities.

Overflow

An overflow vulnerability is a flaw in OS code that can lead to hacker exploitation and subsequent overwriting of device executable code and data. Basically, a flaw in the preventative overflow mechanism of the device allows a third party to overwrite code in the memory location of the phone. The result of this vulnerability being exploited is usually erratic device behavior and/or substantial data loss.

Memory corruption

A memory corruption vulnerability is a programming error in the operating system that leaves the memory component of a device open to exploitation by a hacker. This type of vulnerability can lead to a device crashing as well as other odd behaviors.

Bypass something

A bypass something vulnerability, also known as a ‘back door’ in an OS, makes a device susceptible to a third party circumventing a layer of protection set up by the user, administrator or OS itself. Bypass attacks usually involve a hacker ‘getting around’ the security authentication procedure of a device.

Gain Information & Gain privilege

A gain information or gain privilege vulnerability is one that allows a hacker to exploit a flaw in the operating system, to either gain access to private information or a heightened permission level on the device. Attacks of this nature usually result in the exfiltration of personally identifiable information from the device to an external hacker.

The trends

The vulnerabilities report recognizes a number of insightful trends:

  • The most prevalent vulnerabilities recognized for the following OSs are as follows:
    Android OS: Overflow
    iOS: Denial of Service
    Overall: Code Execution
  • In 2017, Android dominated in terms of prevalence of OS vulnerabilities, however, cumulatively since 2013, the split between iOS and Android vulnerabilities is nearly 50:50.
  • Every year since 2013, the number of overall vulnerabilities, recognized by CVE, has increased.
    2013 to 2014: 31% increase
    2014 to 2015: 279% increase
    2015 to 2016: 34% increase
    2016 to 2017: 36% increase
  • Apple has been more effective than Android at reducing the overall number of vulnerabilities affecting its OS year over year. Apple has released over 50 new versions of iOS since 2013 while Android has released only 30.

The report

For an in-depth analysis of each type of vulnerability, along with advice on how to proactively protect your mobile fleet, download the complete vulnerabilities analysis now.

A comprehensive knowledge of known mobile vulnerabilities is the first and most important step in understanding where, why and how your devices could be left open to attack.

The latest mobile threats that you should know about

Our Threat Advisories present useful information on new mobile threats, their implications and practical steps for remediation and prevention, enabling you to swiftly address each new threat before it impacts your business.

Learn MORE