By Roxane Suau, VP Marketing for Pradeo

It’s not unusual to hear people say iOS is intrinsically secure. But is this common thinking true? Can’t devices running on iOS be compromised? Correctly answering that question requires us to take multiple criteria into consideration.

At a time when lots of companies have equipped their workforce with iOS and more C-levels choose to rely on them, cybercriminals are showing a growing interest in iOS devices, developing new techniques to extract valuable data from them.

The Pradeo Lab did some research on the matter and published the white paper, “Threats targeting Apple mobile devices.” The results go through application, network and device-borne threats and show how iOS is affected by attacks operating on these various layers, compared to Android. This article features some of the key findings.

Attacks specifically designed to compromise iOS are real…

Malware exists for all mobile OS but works differently according to its target. On iOS, 2% of mobile apps hide a malicious program, compared to 5% on Android (source: Pradeo – Mobile Threat Landscape 2019). Until two years ago, iOS malwares were almost exclusively exploiting jailbroken devices. But now, latest discoveries show they are enabled with new capabilities allowing them to also compromise non-jailbroken devices (like the TouchID malware found in official apps), greatly widening their scope.

Like malware, OS vulnerability exploit has to be adapted to the system it targets. Since 2011, the number of iOS patched vulnerabilities has grown by 51% (source: Venturebeat.com). Even though the editor of the OS usually quickly develops security patches and pushes updates to users, it still represents an increasing number of opportunities for hackers.

…and some threats are adaptable to exploit any mobile OS

Data exfiltration through mobile applications is the most spread mobile threat on iOS, with 61% of apps sending users and/or device data through the network, most of the time to monetize their existence and sometimes for shady reasons.

On another level, attacks through the network are as active on iOS as on any other mobile OS, as they don’t operate on the device to be perpetrated and rely on the same techniques for all OS. As a result, iOS devices are vulnerable to communication interception and data theft carried out through Man-In-The-Middle attacks via Public WiFi, rogue cell towers and phishing campaigns via SMS, emails, messaging apps, etc. 

Prevent mobile risks on iOS with VMware WorkspaceONE + Pradeo Security

VMware and Pradeo partnered up in 2015, both determined to provide organizations with the most modern, efficient and secure way to handle mobility. The integration of Pradeo Security Mobile Threat Defense with VMware WorkspaceONE enables customers to easily manage their mobile framework while making sure their data and applications are protected. To know more about the integration, visit www.pradeo.com or marketplace.vmware.com.

 

Try our VMware Workspace ONE Advanced Hands-On Lab here