Which Mobile Platform is Secure? Toss a Coin

Thursday, June 19, 2014 @ 04:06 PM gHale

Mobile operating systems have their plusses and their minuses depending on needs and desires, but when it comes to using your own devices, well, it is a coin toss between Android and iOS.

A threat report around the BYOD (Bring Your Own Device) theme shows that in an enterprise environment, neither operating system “is inherently more secure than the other,” said researchers at security firm Marble Security.

Breaches Continue Upward Trend
Attackers Exploit Privileged Accounts
Cloud Breach: Cost 3 Times Higher
How Attackers Bypass Security: Report

The report found despite Apple’s tight app distribution control, a non-jailbroken iOS device can still download software from enterprise app market places, through various testing apps and programs.

These allow installation of apps from websites with no more effort than a tap on the screen, thus allowing for more or less the same risks as in the case of Android devices.

Google Bouncer, the engine that checks the apps for malicious code before they end up listed in the store, is quite efficient, but, as Marble Security said, it “cannot protect users from installing apps from other marketplaces.”

A threat matrix comparing the two platforms shows the weak spots of the two platforms, both vulnerable to most of the attack types presented.

While iOS is not susceptible to sideloading apps and harvesting phone call and SMS logs, Android is resistant to hostile configuration profiles, which on iOS can occur while visiting a website.

But both of them are vulnerable to different types of phishing (regular phishing, spear-phishing, SMS-phishing and app-phishing), address book mining, jailbreaking and rooting, SSL weaknesses, unencrypted mail attachments, ransomware and backup jacking.

Ransomware threats are present on both platforms, as the latest reports of this type of incidents on iOS are no older then the month of May, this year; on Google’s mobile platform these events are even more recent, more frequent and can be more complex in nature.

“Both iOS and Android are complex operating systems, and will continue to grow in complexity over time. Major new features such as Siri for voice navigation have revealed serious security holes that may expose user contact data and phone address books. As the operating systems evolve, they will no doubt improve security, but as they add features, new security holes will emerge,” the report said.

Leave a Reply

You must be logged in to post a comment.