It is no longer a matter of if or when an enterprise’s mobile endpoints will be compromised. They already are and most organizations have little to no knowledge or visibility of the compromise, according to a new Zimperium report.
Device threats and attacks
- Mobile OS vendors created patches for 440 security vulnerabilities.
- Twenty seven percent of enterprise mobile endpoints were exposed to device threats.
- The majority of malicious profiles (68 percent) were considered “high-risk,” meaning they had elevated access that could lead to data exfiltration or full compromise.
Network threats and attacks
- One third of enterprise mobile endpoints encountered risky networks, and almost one out of 10 were exposed to network attacks.
- Man-in-the-middle (MITM) attacks were 93 percent of network threats and 86 percent of all threats.
- The top five countries with the highest number of network attacks are: Republic of Korea, Japan, United States, China and the United Kingdom.
Applications threats and attacks
- Forty five percent of all attacks detected on Android devices were malicious apps versus less than one percent of those detected on iOS. Ninety eight percent of all detected malicious apps were on Android.
- Five percent of enterprise mobile endpoints had sideloaded apps from sources outside the authorized and vetted Apple App Store or Google Play Store. Thirty six percent of the Android devices had sideloaded apps versus two percent of iOS ones.
- Seventy percent of iOS apps had advertising capabilities and iOS Bluetooth beacon usage exploded to 69 percent of apps (from 38 percent at the beginning of 2019).
- Twenty four percent of iOS apps passed sensitive information over the web unencrypted.