Your Mobile Device Could Have Major Security Holes.

Updated on :September 30, 2023

Can running an out-of-date version of an operating system make your mobile phone vulnerable? Duo security, the Ann Arbor-based two –factor access authentication developer says - Yes. It conducted a new study of more than 1 million mobile devices and has released its findings. The results put devices of both android and iOS operating systems in the dock.

An analysis of iOS devices revealed that only 20% of iPhones run on iOS 9.2, Apple’s latest operating system. Remaining 80% of the devices run on older operating systems of Apple. The problem with outdated devices is that they are vulnerable and open to attacks. Older iOS devices have vulnerabilities like Quicksand and Ins0mnia which makes these devices risky to use and susceptible to attacks. Quicksand exposed sensitive credentials and configurations and stored them in an unprotected iOS directory. Ins0mnia allowed background apps to steal data and drain battery devices.

31% of all iPhones run on iOS 8.2 or below. 14% of iPhones run iOS 7 or below.

Half of all iPhones today are running iOS 8.3 and or lower. It means 1 in 2 iPhones has outdated software. They are all missing the updates that addressed over 100 vulnerabilities in iOS 8.4 and iOS 8.4.1.

There are more than 700 million iPhones in the hands of people today. More than 20 million mobile devices connected to enterprise networks are no longer supported by their manufacturers according to an estimate by Duo Security. These devices do not receive the updates and cannot be upgraded to the latest versions of the software. Updates help the devices fight the vulnerabilities and bugs. According to Duo Security, there are many devices available in the market, which cannot receive updates; some of them brand new ones. Any device that is devoid of manufacturer’s support is a security concern. It cannot fight the bugs and the overall hygiene of the app is not up to the mark.

Related: Stay Competitive In The App Development Industry

The oldest platform that Apple still supports is iPhone 4s. This platform will be supported in iOS9 too. If Apple decides to discontinue support to iPhone 4s the number of devices that would stop receiving security updates would reach 60 million which is a lot. Imagine 60 million vulnerable, unstable iPhones around precious data, and the reality seems scary.

Within Android’s ecosystem, mobile devices that were running on the latest Android operating system Android 6.0 was just 6%. 94% of Android users were using older Android operating systems. 20% of Android devices are running 5.1.1. 32% of Android devices in use today run 4.0 or still older versions of the operating system. All of these devices which remain in use are vulnerable to attacks such as that of Stagefright. Stagefright allows a hacker to compromise the android operating system with the help of a buggy video or a photo.

The study shows that rooting the android devices is creating other sets of problems altogether by compromising the inbuilt security of the phone. According to the data, one android device out of 20 is rooted or jailbroken compared to 1 in 250 iPhones. Users of rooted phones have root level access to the operating systems. Rooted devices circumvent all inbuilt security architecture. These rooted android devices are then used in corporate networks rendering it vulnerable to attacks and threats.

Without updates these devices which are still in the market are a huge threat to organizations and enterprises. One vulnerable device will put the safety of the data of the entire organization in danger.  IT, communications and networking departments should have policies to curtail and contain threats from these vulnerable and several of them undoubtedly compromised devices. There are certain measures that can be taken to counter such threats.

The Remedies

There should be clear guidelines and policies that establish the do’s and don’ts relating to mobile device security.

Employees should be educated about updates. iOS updates automatically and quickly but Android updates take time. Duo Security encourages android users to use Nexus devices. Nexus devices receive direct platform updates more frequently and quickly. It doesn’t depend on carrier/OEM deployment hence, the delays are avoided.

All the employees with jailbroken or rooted phones should be asked to keep their devices away from accessing any kind of corporate data and systems. All employees should have passcodes and must have fingerprint screen locks that keep away the sensitive data on mobile phones. Passcodes are important to safeguard your data but 1 in 3 Android devices don’t use passcodes on their lock screens. 1 in 20 Apple devices there is no passcode lock screen enabled.

Related: Mobile App Development Cost & Time.

In Conclusion:

Find out a way to detect users who have missed security updates and encourage them to run updates at a convenient time. Any hardware that is not supported by the security updates from the manufacturer should be replaced. Outdated hardware, unsupported devices should not be used. Employees using personal devices to access company data must constantly check for updates. Use tools on devices to detect vulnerabilities. Duo Security recommends android users to use free tools such as Duo’s X-Rayapp to keep their devices safe.

Source: Duo Security Report.

Read Similar Blogs

Top 8 Reasons to Outsource React Native Development Services

Top 8 Reasons to Outsource React Native Development Services

48% of developers use React Native to build mobile applications, as it is one of the most powerful frameworks available today for building cross-platform mobile ... Read more

Are Open-Source, Subscription-based Apps the Future of Social Media?

Are Open-Source, Subscription-based Apps the Future of Social Media?

Social media sites have been around since the early 2000s at least, and over the past two decades, they have undoubtedly grown to dominate significant aspects o ... Read more

How To Hire Flutter Developers in 2024 ( Affordable Locations, Technical & Soft Skills )

How To Hire Flutter Developers in 2024 ( Affordable Locations, Technical & Soft Skills )

While it's true that quality often has a premium attached, this isn't always the case when hiring Flutter developers. Budget-friendly destinations ... Read more