Report: 1 in 50 iOS applications has a problem that could cause data to leak



A report released by Zimperium, which provides AI-based security solutions for mobile devices, reveals that one in 50 business applications for iOS carries a risk of leaking the data it handles.

Zimperium_Mobile_Threat_Report_Q2_2017
(PDF)http://go.zimperium.com/threat_report_q2_2017

Threat Report Says 1 in 50 iOS Apps Could Leak Data | SecurityWeek.Com
http://www.securityweek.com/threat-report-says-1-50-ios-apps-could-leak-data

Zimperium's product "zIPS" (Zimperium Intrusion Prevention System) uses AI to detect abnormal application behavior on the device. The AI learns everyday behavior in advance, and the system notifies the user of a threat when an application that behaves unusually appears.

An analysis of the security risks that Zimperium detected on mobile devices shows that they fall into three categories: "device threats", "network threats" sent through the telephone network, and "application threats" such as malware, spyware, and information leaks from applications.


iOS is generally said to be more secure than Android, but security concerns on both platforms are increasing rapidly. The number of CVEs (Common Vulnerabilities and Exposures), the identifiers assigned to vulnerabilities in individual products, was less than 200 in 2014 but rose to about 600 in 2016. In addition, as of October 2017, more CVEs had already been registered than the total number registered in 2016.

It is said that this is not related to the increasing use of smartphones in business settings. The report says, "Cybercrime tends to attack from the most aggressive point. It can be said that corporate business data, which is often handled on smartphones that are frequently connected to public Wi-Fi, away from a secure network and internal administrators, and on a small number of mobile applications, is one of the most vulnerable data," pointing out the risk that corporate data is handled in a low-security environment. The report also discloses that American consumers use mobile devices for 5 hours a day.

Devices whose software has not been updated to the latest state are another factor that increases security risk. In fact, it has been revealed that 94% of the Android devices used around the world are not patched up to date, and that 23% of iOS devices are not up to date and are in an insecure state. Although iOS is easier to update than Android, it is also said that one user in five does not update within 45 days of the release of the latest OS and keeps using the device as it is. Some users keep using an old OS because they do not want to change a familiar environment or simply find updating troublesome, but since vulnerabilities found in older versions are often addressed in the new version, it is necessary to respond as soon as possible in order to protect the safety of the company.


As for the claim that "iOS is safer," Zimperium advises that one "should not think so." When Zimperium used machine learning technology to scan 50,000 iOS devices and applications used in enterprises, malware was found on 1% of the total, whereas 20% of the devices were found to have 5 applications installed that obtain password information and the device's unique device identifier (UDID). In addition, 3% of the applications continue to use old cryptographic algorithms such as the highly vulnerable "MD2", which shows that the problem is a large one.

As threats in iOS applications, Zimperium lists "malware", "sharing keychain", "using MD2 cipher", "using a private framework (not allowed to use)", "obtaining private information such as URL and UDID", and "the ability to read private information during USB charging". In addition, 2.2% of all the analyzed applications exhibited at least one of these threats, and the report states that "the situation in which one of 50 apps may leak data to a third party is a clear concern for the company."

in Mobile,   Software,   Security, Posted by darkhorse_log