With the continuous increase in the sale and use of smartphones and tablets, Gartner, a US-based technology research company, has predicted that 75% of mobile security breaches will be the result of mobile application misconfiguration.
The technology research company has also predicted that the focus of endpoint breaches will shift to tablets and smartphones by 2017.
Dionisio Zumerle, principal research analyst at Gartner, disclosed that “Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices. A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices.”
According to Gartner, malware needs to act on devices that have been altered at an administrative level to do significant damage in the mobile world.
“The most obvious platform compromises of this nature are ‘jailbreaking’ on iOS or ‘rooting’ on Android devices. They escalate the user’s privileges on the device, effectively turning a user into an administrator,” Zumerle said.
These methods allow users to access certain device resources that are normally inaccessible and put data in danger. This is because they remove app-specific protections and the safe ‘sandbox’ provided by the operating system. They can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions, including extraction of enterprise data. ‘Rooted’ or ‘jailbroken’ mobile devices also become prone to brute force attacks on passcodes.
The best defense is to keep mobile devices fixed in a safe configuration by means of a mobile device management (MDM) policy, supplemented by app shielding and ‘containers’ that protect important data, Gartner concluded.