Experts California-based company Zscaler, specializing in cyber security, conducted a security analysis from hackers mobile devices on different platforms. In their study, they used data obtained from enterprise cloud platform, through which each quarter is approximately 45 million transactions connected with mobile gadgets. About 4% of these operations — about 200 thousand — related to the data breach.
Most often go “on the side” the metadata from the device user, information about its location, as well as personal user data (email, phone number and so on).
System has calculated the vulnerability
20 million operations performed through the mobile operating system Android, according to experts, approximately 0.3% associated with a data breach. According to the analysis, 58% of the leaks on Androidотносится metadata, including IMEI, MAC and IMSI, information about SIM cards and the manufacturer of the gadget.
the Researchers analyzed the vulnerability of different platforms
39.9% of leaks reported to the user location, including exact latitude and longitude. The remaining three per cent of personal user data. One percent of the leaks was associated with malware, the rest is using the official OS applications.
a Similar percentage was observed for devices running on iOS. Of the 26 million transactions, the data leakage was observed in 0.5% of cases. 72.3% of transactions were reported to a user information about the device, about 27.5 percent — on the location of the owner of the gadget and 0.2% of his / her personal data. 5% of all leaks are the result of the work of malware.
according to the geography of leaks, most of them comes from American users Androidи Chinese iOS users. Also, the ratings were a significant amount of owners of gadgets from South Africa and the UK.
Developers do not follow security
“In a joint study VMI Ponemon Institute notes that of the 400 surveyed companies, about 40% did not check they create applications for vulnerability to hacker attacks,” — said in Zscaler.
Assessing threats from leaks, Zscaler expert explained that the device metadata are unique worldwide and will not change during the lifetime of the device. A set of such identifiers can be leveraged by attackers in various attacks: from privacy threats to the physical denial of service device.
for Example, if there is a leak in the GSM Protocol, the hacker need to know Medevial. The exact location of a person is very valuable in the era of globalization and large-scale espionage. With regard to the personal data of the person, they can need criminals for different purposes, including phishing and spamming.