The most popular mobile platforms in use today, including Apple iOS and Google Android, show improved security over traditional desktop-based operating systems, though major gaps remain to be filled, according to a Symantec white paper.
Today’s mobile devices are potentially exposing key enterprise assets to increased risk as they are increasingly being connected to and synchronized with an entire ecosystem of 3rd-party cloud and desktop-based services outside the enterprise’s control.
While offering improved security over PCs, both iOS and Android are still vulnerable to many existing categories of attacks, the whitepaper, ‘A Window into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android’, said.
iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which verifies the identity of each software author and weeds out attackers.
The volume of Android-specific malware has increased as Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection, the whitepaper said.
Sensitive enterprise data stored on both Android and iOS devices can potentially be exposed to vulnerabilities, as users of both platforms regularly synchronise their devices with 3rd-party cloud services and with their home desktop computers.
Attackers find opportunity with so-called "jailbroken" devices, or devices whose security has been disabled, as these devices are as attractive a choice to them as traditional PCs.
Carey Nachenberg, Symantec fellow and chief architect of Symantec Security Technology and Response, said that while more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks.
"Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers," Nachenberg said.