A new report released this morning by Skycure shows that attackers are beginning to focus more and more of their attention on iOS, even as attacks on Android are leveling out. This would be the first time in iOS’s 10-year history that attacks on that platform have outpaced those on its main competitor, Google’s Android.
The image above shows the different major attacks that have hit the iOS ecosystem in the past eight years and clearly shows the frequency of these attacks picking up since 2015. There has also been a steady decrease in white hat discoveries since around 2013. Skycure’s data shows that the number of iOS devices in enterprises that have malicious apps installed has more than tripled since the third quarter of 2016.
These attacks differ widely from one another, ranging from a hijacked cable to malware bundled in an app coming from the Apple App Store, as the graphic below shows.
One of the more severe examples was “XcodeGhost”, which exploited the iOS development environment itself to get malware into the App Store. There are also some severe attacks that begin with targeted social engineering to get the victim to click or install something, then jailbreak the device, and end with the attackers gaining access to GPS, camera, microphone, SMS, email, and other apps.
While the report shows an increasing number of attacks targeting iOS devices, it is worth mentioning that Yair Amit, co-founder and CTO of Skycure, who authored the report, said an increase in attacks or malware samples on iOS doesn’t mean the platform isn’t safe.
“The number of vulnerabilities and malware does not indicate how secure a platform is, but it does indicate how often hackers are attempting to break into it. Increasing malware and vulnerabilities demonstrate that hackers want to break into iOS devices. Enterprises need to make sure that they don’t find a way in,” Amit said.
There is some good news for iOS users: iOS devices are patched very quickly in comparison with the competition, and while attacks are on the rise they are quickly resolved. In addition, the report showed that many more iOS users are running the latest major software update (91%) compared to Android (22%). An older report by the same organization also found that 71% of Android phones run on software versions that are over 2 months old.
The report includes some basic suggestions for improving safety while browsing on any mobile device:
- Don’t click, install or connect to anything that you are not confident is safe.
- Only install apps from reputable app stores.
- Don’t perform sensitive work on your device while connected to a network you don’t trust.
- Always update to the latest security patch as soon as it is available for your device.