
Half the Fanbois in your office are unpatched ATTACK VECTORS

iOS 9 imminent, but they'd rather run 8.3

By Darren Pauli, 11 Sep 2015

Duo Labs researcher Mike Hanley says one in two iPhones connected to corporate networks are running outdated versions of iOS.

The poor patch performance means half of all iDevices are corporate attack vectors running April's iOS version 8.3 or lower, and as a result are brimming with more than 100 vulnerabilities.

Almost a third of that exposed 50 percent run versions below iOS 8.2, Hanley says.

"We found that half of all iPhones in use today are running iOS 8.3 or lower, which was released five months ago," Hanley says.

"All it takes is one vulnerable device accessing your network to put your entire organization at risk of a data breach.

"We need to start thinking about mobile devices in the same way [as desktops]."

The exposed phones are at risk from the Ins0mnia vulnerability, which allows malicious apps to break policy and run indefinitely while stealing data, and from the patched Quicksand bug, in which enterprise credentials are stored in unprotected directories.

A quarter of the exposed devices run iOS 7, released June last year, and are open to a whopping 230 vulnerabilities.

Hanley points to the popularity of bring-your-own attack vector device policies, noting that updating networked devices is essential.

But some users need more than a software update; some 20 million iPhones older than a 4s are end-of-life and no longer receiving protection from security vulnerabilities.

Hanley says that number will blow out to 60 million when iPhone 4s devices are consigned to the Apple loser pile.

Of those users who do update, only 10 percent, the Apple fanatics, update in the same week of release.

Android devices are even worse. One in five users has upgraded to the latest stable Android Lollipop, in the rare instances where the stars align between carriers and handset-makers.

According to Google's 7 September statistics, almost 40 percent of Android users prefer, or are more likely stuck on, version 4.4 KitKat, while 31 percent run 4.1 to 4.3 Jelly Bean.

Android users keen to upgrade should check the XDA Developers forums to see if custom ROMs have been developed for their devices. These upgrades are of course not without their own security considerations. ®
