Half of All iPhones Are Insecure

Phones with over 100 known vulnerabilities are common on corporate networks.

According to researchers at the security firm Duo Labs, 50% of all iPhones are running an old OS with known vulnerabilities that could compromise a corporate network. Duo's program manager Mike Hanley writes in his blog that half of all iPhones are running iOS version 8.3 or lower. By the standards of many cellphone users, version 8.3 is relatively recent (it was released only five months ago); however, users with version 8.3 are missing over 100 security updates that have appeared in versions 8.4 and 8.4.1.

According to Hanley, two vulnerabilities patched in version 8.4.1 are particularly important: the Ins0mnia bug, which lets the attacker steal data and drain batteries, and Quicksand, which “exposed enterprise credentials and sensitive configuration details ….”

Thirty-one percent of all iPhones are running version 8.2 or lower and are missing patches for 160 or more vulnerabilities. The report also points out that 20 million iPhones in the world today can't even receive updates because they are too old and the hardware is no longer supported. The end of support for Windows XP received detailed coverage in the press, but the gradual phase-out of security support for smartphone hardware often goes unnoticed.

Users, and especially corporate admins who support iPhone and Android devices, are encouraged to rid their networks of phones that can't be patched and to make sure the patchable phones are patched regularly. Hanley adds that smartphones are often clogged with videos, photos, and music files, and the lack of available free space slows the update process. Clearing some space can often make the update faster and, therefore, less disruptive for the user.

09/16/2015