According to security firm Skycure, 2-in-100 mobile devices are already infected with malware or under attack.
While no device is immune, compromise rates were highest on Android devices with around 1-in-3 harbouring a nasty secret.
Furthermore, over a quarter of Google-powered smart devices were found to been opened up to third-party app installation, allowing unofficial apps to be installed from outside of the official store environment. Interestingly, this risky situation is more evident within the business environment (33%) than with personal devices (20%), primarily because some organisations have a need to install their own enterprise apps.
The company’s Mobile Threat Intelligence Report also reveals how more than 15% of Android devices have USB debugging enabled, providing a conduit for malware to travel from a computer to the device.
Data compiled from millions of monthly security tests also reveals other risks, including the fact that around 30% of all devices were running an outdated operating system – one in three Android devices are susceptible to recent high-profile attacks, simply because manufacturers have failed to make operating system updates available to the end-user.
Before Apple fans get too carried away, it should also be noted that around a quarter of iOS devices are running an out of date version of the operating system, though it is unclear whether that is due to a large number of older, ineligible devices remaining in use, or through a lackadaisical approach to security from a subset of users.
The report did note that jailbreaking within the enterprise environment was almost unheard of though and, while the rooting of Android devices was far more prevalent, it too was significantly less likely on business devices, though not entirely unseen.
Overall, Skycure concluded that the risks faced by mobile devices are continually increasing and that around 22% of smartphones and tablets would face a network threat over a period of one month, increasing to 40% over a three month period.
One thing that certainly doesn’t help here is the report’s most important discovery, the fact that 52% of smart devices are not locked down with even the simplest of protection.
Given the vast array of options available now, from pass codes to pass phrases, and swipe patterns to fingerprint scans, I think it may be fairly safe to agree with the conclusion of Adi Sharabani, CEO of Skycure, who said:
Threats to mobile devices are real and based on what we’re seeing in this report people aren’t doing enough to protect themselves.
Overall then, the report paints a pretty scary, if not totally unexpected, picture of mobile compromise.
It’s good to see that many enterprises appear to have mitigated the risk of having rooted or jailbroken devices added to their networks but, overall, its reasonable to conclude that the human factor is the biggest issue when it comes to device security, especially in terms of the basics.
With around half of all users failing to implement even the simplest of security measures on their personal or work devices, its easy to imagine what sort of other risky behaviour they are engaging in.
So the question is, what are your employees or family members doing with their mobile devices?
Are they aware of the risks posed by malware, or the damage that could be done to your organisation, or their own personal lives, should their smart phone or tablet become lost or stolen?
How could you lessen those risks by talking to them about security and providing a little awareness training that could help them in both their professional and private lives?