Mobile Device Security and Threats: iOS vs. Android
Which devices provide a safer experience—iOS or Android? Many users claim that iOS is more secure, with few vulnerabilities, and Apple’s regular updates provide security patches in a timely manner.
But for organizations using mobile devices, the answer is a little more complex. The Android operating system (OS) is more customizable with its open OS and the ability to sideload applications. Additionally, Google makes strenuous efforts to keep the OS updated and secure. Company security policies regarding download permissions for applications can also do much to secure an Android device.
The bottom line is that organizations will have to weigh security against flexibility, especially in scenarios where a company has a bring-your-own-device (BYOD) policy. In many cases, they would have to strategize for both operating systems.
Top 9 Mobile Security Threats
With increased mobile usage comes increased security threats. Recent statistics show that more than60% of digital fraud casesare initiated via a mobile device.An unsecured mobile device can become an access point for countless malicious attacks.
Malicious applications and websites
Just downloading a malicious application or visiting a malicious website may be enough to infect your device and the network it is connected to. The website or application may attempt to install malware on your device, or they may prompt you to allow an install that looks legit but is in truth malicious.
Applications with weak security
Apps with weak security put your data at risk. They do not offer adequate encryption for stored data or data in transit. This can result in a href="/content/fortinet-com/en_us/resources/cyberglossary/identity-theft.html">identity theft, intellectual property theft, or loss of business-critical data. Downloading such apps to your device can compromise not only your personal information but also your organization’s data.
Data leakage
Data leakage is a slow data breach that can happen in two ways:
- Physical leakage via sharing or theft of portable storage devices, such as USB drives or external hard drives
- Electronic leakage when data transmission pathways are compromised by an unauthorized device, and data is stolen while in transit. With mobile devices, this can be a result of giving apps too many permissions.
Mobile ransomware
Mobile ransomware does what it sounds like. It will hold your device at ransom, requiring you to pay money or information in exchange for unlocking either the device, certain features, or specific data. You can protect yourself with frequent backups and updates.
Phishing
Phishing attacks most commonly target mobile devices because people seem more inclined to open emails and messages on a mobile device than on a desktop. Part of the reason is that the smaller screen only shows a partial sender name or subject line, making it harder to identify suspect emails. Additionally, mobile notifications are easy to click on, and many users click on them almost as a habit.
Man-in-the-Middle (MITM) attacks
In MITM attacks, a hacker positions themselves between two parties who believe they are communicating directly with each other. This allows the hacker to trick a user into inputting credentials and steal sensitive information given in full trust. Since mobile devices are frequently used for communication and account logins outside the office, they can represent a significant risk for organizations today.
Network spoofing
Network spoofing happens when malicious parties set up fake access points that look like a legitimate Wi-Fi network that users can connect to. These traps are set up in high-traffic areas frequented by employees using their mobile devices to connect to work-related applications or systems. A common trick is to offer “free” Wi-Fi if users set up an account first. The goal is to access passwords and other personal data.
Spyware
Spyware is a type ofmalwareinstalled on a device without the user’s knowledge. Once there, it gathers data about you, your habits, and activities, and sends it to a third party without your consent. For this reason, some spyware is also called stalkerware.
Identity theft
Since mobile devices often carry personal and financial data, a compromised device can lead to identity theft. Malicious third parties can steal this data electronically or by physically stealing your device.
