Study Shows Smartphones Sport Better Security Features Than Desktops

After a few decades of being knocked around by malware and other viruses it is no surprise that mobile OS’s are designed to be less vulnerable that their desktop counterparts, but a recent study shows that the opportunity for social engineered attacks is much higher.  Both Apple and Google have built protections into their mobile operating systems – such as encryption, access control and application isolation – making both devices more inherently secure than desktops, according to the report, titled “A Window into Mobile Device Security.” 

Chief among the list of mobile security risks is that users of both Android and iOS commonly synchronize their devices with their home computers combined with a shorter primary life cycle leading to a large market of used phones.  These practices could lead to sensitive corporate information being transferred to devices outside of the control of the enterprise.

“It’s a lot like someone stealing your identity by going through your trash” Jennifer Svensson, CEO of VertiGO RECOVER a global firm that helps corporations and governments deal with mobile security, told iPhone Einstein on Friday. “Smartphones can contain gigabytes of data, If you don’t take the time to shred the information you make it easy for someone to steal it.”

Most organizations still have a large population of phones purchased by individual employees making it more difficult to secure the life cycle of these phones even though the  underlying operating systems are inherently more secure.  “All of these devices operate in one or more uncontrolled environments. From an enterprise perspective, you don’t control the security of those services or home computers” says Svensson.

When it comes to malware, the iOS mobile operating system, which powers iPod, iPhone and iPad devices, provides a high level of protection due to Apple’s stringent application and developer certification processes, the report states. On the other hand, Google still allows any software developer to create and release apps anonymously and without inspection.  This approach, naturally, makes it easier for malware authors to target the Android platform.

As for the encryption capabilities of each phone, iOS provides strong protection for emails and attachments, but it does not fully protect against the risk of physical device compromise, the report states. Most of the data on iOS devices is encrypted in a way that can be decrypted without the need for a user to input their device’s master passcode. Consequently, an attacker with physical access to a device could use a jailbreak attack and read most of the data on a device.

To defend against mobile threats, organizations need to take policy creation more seriously and consider deploying management solutions, the study said.  In addition to managed services, user education and training is the best way to mitigate mobile information risks. Training programs should aim to educate users why security policies are necessary and include operation and disposal practices.