Users are a huge security threat to the mobile enterprise. That’s clear after last month’s iOS breach that led Apple to implore people to update their devices as quickly as possible.
Apple discovered a big vulnerability in its iOS mobile operating system in August, and shortly after released a security patch with iOS 9.3.5. Attackers could exploit the vulnerability by sending users a link via text, which would load malware onto the device if the user clicked on it.
This breach exemplifies that end users are the biggest threat to mobile security in businesses, and IT must educate employees on safe mobile device practices, experts said. For instance, a lot of attacks come in the form of “social tricks” such as phishing people’s email, said Michael Oh, CTO and founder at TSP LLC, an Apple reseller based in Boston.
“A complacent user base is the biggest threat,” Oh said. “IT needs to educate people that using iOS and Macs doesn’t automatically make you safe.”
This particular hack also led to a breach of user privacy. The NSP Group, a company in Israel that sells mobile device tracking tools, abused the iOS vulnerability by gathering information from users’ apps. It used its software to log text messages, track calls, access contacts and track devices’ locations.
Apple released the fix in iOS 9.3.5 within 10 days, making it critical that business users — whether using company-owned or personal devices with corporate data on them — updated their devices right away. On the whole, Apple has an excellent record when it comes to maintaining the security of its products, said Michael Finneran, principal analyst at dBrn Associates in Hewlett Neck, N.Y.
“The weak link in the chain is the user who would have to click on a suspicious link to get the ball rolling,” Finneran said. “Unfortunately, there’s no cure for stupid.”
The speed at which the majority of iOS users implement OS upgrades also helps bolster security, he added. In contrast, Android users typically don’t update their devices regularly, which causes OS fragmentation and means they often don’t have the latest security patches.
Apple is expected to announce iOS 10 and the iPhone 7 at its Sept. 7 media event next week.