Tag Archive for: ios

Android more vulnerabilities, iOS more zero-days

/in


smartphone

Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what’s coming in 2022. 

In general, the focus of malicious actors on mobile platforms has increased compared to previous years, mainly due to the push of the global workforce to remote working.

This focus manifested in more significant malware distribution volumes, phishing and smishing attacks, and more efforts to discover and leverage zero-day exploits.

Volume of phishing sites targeting mobile users
Volume of phishing sites targeting mobile users (Zimperium)

Zero-day vulnerabilities are publicly disclosed or actively exploited bugs with no fixes available from the vendor or developers. As it is vital to fix zero-day bugs, vendors typically rush to release security updates once they are disclosed.

However, according to Zimperium’s client stats and a survey conducted for the report, only about 42% of people working in BYOD (bring your own device) environments applied high-priority fixes within two days from their release.

Roughly one-third required up to a week, while a significant 20% hadn’t patched their mobile devices before reaching the two-week mark.

Threats by region

In 2021, actors focused more on remote workforce or on-premise mobile devices, leading to increased malicious network scans and man-in-the-middle (MiTM) attacks. These attacks are aimed at stealing sensitive information that plays a crucial role in more significant attacks against corporate networks.

The most prevalent threats for each region of the world in 2021 were the following:

  • Asia/Pacific – malicious websites, malware, MiTM
  • Africa – malware
  • Europe – malware, malicious local scans, MiTM
  • North America – malware, MiTM
  • South America- malware, malicious local scans

Globally, mobile malware was a problem encountered in 23% of all endpoints protected by Zimperium in 2021, followed by MiTM (13%), malicious websites (12%), and scans (12%).

Types of mobile threats logged globally in 2021
Types of mobile threats logged globally in 2021 (Zimperium)

Android vs. iOS

The mobile operating systems market is dominated by a duopoly of Android and iOS, so inevitably, all comparisons under any spectrum revolve around those…

Source…

Australian man alleges all of his iOS and macOS devices have been persistently hacked

/in




AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

An Australian man claims to be the victim of an incredibly wide and persistent hack of all of his Apple devices — but his claims that a dating app did it don’t quite add up.

Towards the tail-end of 2019, Simon Edwards noticed that legitimate websites began being populated by pop-up ads. He also encountered trouble sending emails even if the email service had confirmed a successful delivery, and his screens would “constantly jump and shake.”

He began receiving dozens of scam calls a week. Then, he noticed that app icons on his phone would gray out and become unusable. Soon after, he resorted to factory resetting his iPhone “every two hours”.

His smart TV, car, and security cameras were connected to the iPhone via Bluetooth. He noticed that apps were disappearing, and the security cameras would occasionally come up with gaps in their feeds. He also noticed that a “Pegasus spyware warning” would show up whenever he sent an email. Screen Mirroring has also been turned on inexplicably, streaming the live displays of his iPhone and laptop to “an unknown person.”

At the same time, he began to lose his social media accounts to hackers, he told News.com.au. After hackers racked up debt in his name, he had to cancel his credit card. His bank had to recover around $8000 in fraudulent spending on his credit card, Afterpay, and Uber accounts. $1500 was spent through his Apple ID account. A fraudulent tax agent added themselves to his ATO tax account, changing years of his tax lodgings, and tried to intercept a $10,000 tax return.

He began to wonder how the cyberattacks had been occurring. He first believed a work computer of his was infected and had spread the malicious code to the rest of his devices. This claim has been denied emphatically by his employer. His employer has also hired an independent third-party IT contractor, the latter finding no signs of any cyber breach on any of the firm’s work devices.

Edwards took his iPhone and laptop…

Source…

DressCode Android Malware Discovered on Google Play | SandBlast Mobile Security | Android

/in



Check Point: A Founding Member of the AirWatch Mobile Security Alliance | Mobile Threat Prevention

/in