Today, we bring to our readers two expert opinions on Juniper Networks’ recent report, which says that mobile malware has grown by 614% since 2012. Happy reading!
Enter: Ken Westin, Security Researcher at Tripwire:
Ken Westin, security researcher at Tripwire, said: “In spite of the increases in mobile malware, risk to the end users is still minimal. It should come as no surprise that there is an increase in mobile malware; there’s an obvious correlation between smartphone market growth and malware targeting specific platforms.
One thing this report doesn’t mention is the distinction between the amount of malware in the wild and the actual number of infected devices. We hear a lot about the mobile malware epidemic but there’s a distinct shortage of evidence of device infection rates and very little information about the impact of these ‘infections’. It would be interesting to know how malware is defined by Juniper in this report -- is an overzealous ad network integrated into applications considered malware? If so, this would explain the high numbers.
The real threat in the mobile space is not from malware, but from legitimate applications consumers trust. We install social media applications, coupon/discount applications and others and routinely provide these applications with full access to our devices, from our photos, contacts, location, likes/dislikes and other personal data. We utilize free email providers with cryptic privacy policies. We do all of this without any knowledge of how the data these applications have access to is secured – it’s completely outside of our control once it leaves the device.
The majority of incidents where people claim to have had their phones hacked are usually the result of a service being compromised through weak and easily guessable passwords or hackers taking advantage of a vulnerability in an app or service providers’ infrastructure – hackers aren’t generally focused on stealing data from a single device. They get a much bigger ‘bang for their buck’ by attacking the infrastructure of a service provider like LinkedIn.”
Enter: Dwayne Melancon, CTO of Tripwire:
“The rapid proliferation of mobile devices, along with the use of personal devices in the enterprise, practically guarantees that mobile malware will continue to grow dramatically. While mobile OS makers are improving the security of newer versions of their operating systems, older devices continue to run older, less secure versions. In some cases, it's because the devices don't support the newer releases; in other cases it's that users are comfortable with the status quo.
“If enterprises want to gain a foothold against mobile malware, one place to start would be to prevent devices running outdated OSes from joining their networks. I think of this as a "you must be tall enough to ride the ride" kind of an approach. Short of this kind of barrier, insecure versions of the OS will continue to threaten enterprise security.”