iPhone, iPad become apple of cyber criminals' eye
Sheer iOS traffic is making Apple the lowest-hanging fruit, Zscaler's State of the Web Report finds
May 17, 2012 — CSO — Apple devices -- ever more popular in the workplace -- are about to become more popular with cyber criminals.
That is one of a number of findings in security vendor Zscaler's Q1 State of the Web Report that should be unsettling to enterprises that permit employees to "bring your own device," or BYOD.
The biggest mobile targets of malware so far have been devices powered by Android, since it is in the widest use and is an open platform.
But that may change soon. Zscaler's report said that in a survey covering 200 billion transactions, Apple iOS web traffic jumped from 40% in the last quarter of 2011 to 48% in the first quarter of 2012, surpassing Android, which dropped to 37%.
More iOS traffic means more Apple devices in use at enterprises, which is likely to make them more attractive to cyber criminals.
And a significant majority of enterprises allow BYOD: A survey released in April by the SANS Institute found that 61% of more than 500 companies surveyed allowed BYOD. A press release announcing the survey included as part of its headline: "Lack of awareness, chaos pervades with BYOD."
The so-called "consumerization of IT" is an apparently unstoppable trend. And most businesses don't want to stop it, because of the advantages that collaboration and social networking with mobile devices can bring to the enterprise. Still, increasing security threats could undermine those advantages.
Blake Turrentine, CEO of HotWAN and trainer at Black Hat, has been a penetration tester for more than 12 years. His continuing mantra is, "most everything you do on a smartphone can and may be monitored," although he does qualify that by saying he believes Apple iOS devices that are kept up to date with the latest firmware are relatively secure.
Rachel Ratcliff Womack, a vice president with the digital security firm Stroz Friedberg, told The Bottom Line's Herb Weisbaum on MSNBC that most people carry both business and personal information on their mobile devices. "It brings those two worlds together in a very convenient package for criminals to target," she said.
And the damage malware can do is the same as on other devices: steal personal information, drain bank accounts and spy on users.
"[Yet] users may view these devices as eminently secure, when in reality they are just waiting to receive more attention from cyber criminals," James Lyne, director of technology strategies at the online security firm Sophos, told Weisbaum.