Vulnerable operating systems can be exploited to gain control of endpoints and allow bad actors access to corporate data. Your firewalls, VPN, IPS/IDS are useless if an infected device has all the credentials to access corporate information. How common are vulnerabilities in mobile operating systems and do they really pose a risk to businesses?

If you have been following our security blog or threat research announcements you would know that 2019 was the tipping point for mobile operating systems, with a dramatic increase in the number of threats and attacks seen. Despite the numerous security features that Apple and Google put into their OSs, the reality is that they have become targets for malicious 3rd parties:

  • Mobile devices are often connected to “secure” corporate applications, sometimes without the security team’s knowledge it impossible to know if the devices are secure.
  • Outside of the native OS defense, mobile devices often have little to no security, if at all, and IT departments have little visibility of them.
  • Many mobile operating systems have been intentionally compromised by the end user.

“In 2019, the number of jailbroken iOS devices increased 50%” – Wandera Threat Landscape Report 2020

To compound the problem, the complexity of the OSs has introduced many unintentional vulnerabilities with the list of known issues expanding at a faster rate than ever. iOS exploits, in particular, have become common enough that Zerodium, a zero-day exploit broker, is offering more for Android hacking techniques than for iOS. This isn’t to say that breaking into an iOS device or any other type of mobile device is easy — zero-click iOS attacks are still valued at around $2 million.

An optimist would hope that the discovery of a vulnerability is “okay because Apple and Google release updates regularly”. The reality is that although updates are released quickly when there is a known issue, many users fail to update their devices. We found that a week after a severe vulnerability was found in iMessage in 2019,, over 90% of devices still had not been updated. To make matters worse the patch Apple released reintroduced a known vulnerability, exposing devices to an equally dangerous attack.

“29.1% of iOS devices are running a severely out-of-date operating system” – Wandera Threat Landscape Report 2020

It is important to note that it is not just mobile operating systems that pose a risk, last year it was revealed that WhatsApp could be exploited by third parties to exfiltrate data from devices. This vulnerability not only affected hundreds of millions of devices, it was also used to target Jeff Bezos’ phone and steal large amounts of his personal data.

Wandera can provide visibility of devices’ health, identifying and flagging any devices that have vulnerable, outdated versions of apps or OSs. You can also take advantage of adaptive access policies to protect your business. Adaptive access allows you to automatically restrict access to corporate applications when high levels of risk are detected. This form of immediate response is essential for keeping your business secure.

The Wandera Security Cloud enables adaptive access thanks to MI:RIAM, the industries most advanced mobile threat intelligence engine. MI:RIAM ingests contextual information from the lightweight Wandera app installed on endpoint devices and uses it to calculate a mobile risk score that can be used to apply adaptive access policies. Adaptive access policy can be applied natively within the Wandera Security Cloud to restrict access or through third party technologies by integrating them with Wandera’s APIs.