Mobile Security Guide

Your Guide to Mobile Threat Defense Featuring Gartner’s Market Guide for Mobile Threat Defense Solutions

Answers to Frequently Asked Questions on Mobile Security

From the experts at Zimperium

MOBILE SECURITY

More than likely you will not be able to determine if your phone has been hacked or compromised without knowledge of the operating system and device hardware. However, you may notice your phone exhibiting new behaviors like becoming slower, crashing, and having excessive battery drain. Some users received enormous data usage bills from their service providers after malicious adware was installed on the device. Determining with certainty whether your phone has been hacked or compromised by a third party requires specialized software. Zimperium provides a mobile security or mobile threat defense app, zIPS, that determines if your phone is being tampered with. zIPS privately monitors the behavior of your device using machine learning technology to detect and prevent smartphones and tablets from being hacked or compromised. In the event your phone is being hacked, zIPS can detect and stop the attack. zIPS will also gather technical details about the attack and how it is being delivered to your device so you can avoid future hack attempts. The information about the attack is stored in an administration console for your security team.

You can download zIPS in the Apple App Store or Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Mobile security threats are vulnerabilities or attacks that attempt to compromise your phone's operating system, internet connection, Wi-Fi and Bluetooth connections, or apps. Smartphones possess very different behaviors and capabilities compared to PCs or laptops and need to be equipped to detect attacks specific to mobile devices. These unique functions and behaviors make traditional IT security solutions ineffective at securing mobile devices.

One of the primary differences between mobile devices and PCs or laptops is administration privileges. There are several administrators for a PC or laptop, making it simple for corporate IT to install security software and monitor computers for problems. On mobile devices, administration is handled by the device owner. The device owner is the only one who can install apps or allow other management profiles on the device. This means the burden of securing the mobile device and its data falls entirely on the user, who may not have the time or expertise to provide proper mobile device security.

To address this issue, Zimperium provides a platform uniquely allowing IT organizations to protect company networks and systems by installing a mobile security app on devices accessing corporate systems. The zIPS mobile security app monitors mobile devices for malicious behavior and detects attacks on the device from operating system vulnerabilities, the network, apps or mobile malware. The app uses specialized technology specific to mobile to detect all types of attacks without the need to read user data or hinder device performance.

Mobile security is very important since our mobile device is now our primary computing device. On average, users spend more than 5 hours each day on a mobile device conducting company and personal business. The shift in device usage habits has also moved the prime target for hackers from PCs to our mobile devices. Since mobile devices are now a prime target, we need to secure them and arm them with threat detection and malware protection just like PCs.

Smartphones are able to circumvent traditional security controls, and typically represent a massive blind spot for IT and security teams. Hackers know this, which no doubt contributed to the number of smartphone attacks recorded between January and July 2016. The number of attacks nearly doubled compared to the last six months of 2015. During that same time period, smartphones accounted for 78% of all mobile network infections. According to Zimperium, 4% of corporate mobile users detected malicious Wi-Fi attacks in the first half of 2017. You can review information about these attacks in the Zimperium Global Threat Report.

There are over 3 million apps in Google Play and 2 million in the Apple App Store. These stores perform analysis on apps and remove malicious apps once they are identified. However, malicious apps do enter the stores and infect users’ devices. Examples of app-based attacks include XcodeGhost on iOS and Gooligan, a family of Android-based malware.

Apps have special privileges and access to device functions, such as location, access to cameras, microphones, and user data. Users provide access to device functions upon app install but may not fully comprehend the potential harm they may be allowing. Plus, sophisticated attacks could activate days after an initial install or after an app update, to evade signature-based malware detection. You need to install a real-time mobile security solution to detect attacks from apps and mobile malware.

Zimperium monitors device behavior and also investigates apps for security issues and privacy abuse. Some of the most severe issues include:

  • Does the app contain known malware?
  • Does the app share passwords from its keychain with other apps made by the same team?
  • Does the app use weak encryption?
  • Does the app use private or outdated frameworks?
  • Does the app send query parameters with private user or device information?
  • Does the app read private information such as the UDID or device identification number?

Zimperium completed a study of 50,000 iOS apps installed on enterprise users' devices. The study found 1,101 or 2.2% of the apps had at least one of the aforementioned security or privacy issues. This is a significant concern to enterprises since 1 of 50 apps is potentially leaking data to third parties. The complete study is available in the Zimperium Global Threat Report, 2017.

Mobile security refers to the set of technologies and practices that aim to protect mobile devices against operating system vulnerabilities, network and app attacks, or mobile malware. Technologies such as enterprise mobility management (EMM) solutions manage compliance policies and issues relating to device privilege or loss. Mobile threat detection (MTD) technologies such as Zimperium's zIPS complement EMM solutions, protecting devices from cyberattacks via network, application and operating-system threats and vulnerabilities. Your mobile security strategy will vary depending on your deployment architectures and whether you need an EMM and / or MTD. Contact Zimperium for a briefing and risk analysis on how to determine your mobile risk posture.

In order to determine which mobile security is best for Android, it is important to take into account both known threats (those for which there are already recognized signatures) and unknown threats (which are zero-day threats). Zimperium’s zIPS app uses real-time, on-device machine learning-based technology to protect Android devices against both known and unknown threats.

You can download zIPS in Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

To understand which mobile security is best for iOS / iPhones, it is helpful to understand that iOS devices are subject to both known and unknown threats. Known threats are those that have already been discovered and for which there are known signatures. Unknown threats, also referred to as zero-day threats, do not have known signatures. Zimperium solutions such as zIPS use real-time, on-device machine learning-based technology to protect iOS devices against both known and unknown threats.

You can download zIPS in the Apple App Store and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

There are a number of mobile security solutions available on the market, but identifying which mobile security is best for enterprises entails using specific criteria. As is often the case, solutions designed for consumers and end-users may not be as robust, full-featured, reliable and scalable as solutions designed specifically for the enterprise. In particular, mobile security solutions that are suitable for enterprise use should include scalability, autonomous functionality, machine learning, on-device operation, and protection from zero-day threats. Enterprises also need to consider flexible deployment models to take advantage of existing infrastructure or cloud computing environments. Zimperium solutions such as zIPS uniquely meet all of those criteria.

You can download zIPS in the Apple App Store or Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Yes. Mobile security apps are necessary to prevent phone tampering from operating system vulnerabilities, other apps, or malicious activity on network or Wi-Fi connections. Mobile devices contain and have access to private and sensitive data about your business or person, and the data needs to remain private. Mobile phones do provide some security features like PIN and lock codes, but they do not come with security software to prevent mobile attacks and hack attempts, nor will they alert you if there is a problem. For these reasons, we recommend using a mobile security app such as zIPS. The zIPS mobile security app monitors your mobile device for malicious behavior and dynamically detects attacks from malware, apps or your Wi-Fi and network connections. zIPS users have detected attacks in every region of the world from operating system vulnerabilities, bad apps and network attacks. You can review these attacks and their details in the Zimperium Global Threat Report.

MOBILE THREAT DEFENSE (MTD)

Mobile Threat Defense (MTD) solutions protect mobile platforms by detecting threats to devices, operating systems, the networks they use and apps on the device. Each of these vectors is vulnerable to a variety of attack methods. More information about mobile threat defense is available on the Zimperium blog.

Several analyst firms now cover both EMM and MTD markets. There are several analyst reports available on Zimperium.com and on the Zimperium blog.

ZIMPERIUM

Please contact us today for information and reports on how to compare several mobile threat defense technologies and methodologies.


Zimperium support can be contacted at support.zimperium.com.

Yes. Submit a request for a trial of zIPS and an administration console on our Contact Us page for evaluation licenses.

zLABS – Global Threat Intelligence: Zimperium’s zLabs stays ahead of the ever-changing cybersecurity landscape by providing in-depth, ongoing research. The team has identified and disclosed numerous mobile device vulnerabilities over the past few years to Apple and Google. These discoveries have helped influence security practices, accelerate security updates by Google and mobile operators, and suggest more accountability for iOS security.

zIPS

The zIPS mobile security app provides comprehensive protection for iOS and Android devices against mobile device, network, and application cyberattacks. The app leverages machine learning to provide on-device protection from known and zero-day threats. More information about zIPS is available on the zIPS Product page and YouTube “What is zIPS?”.

You can download zIPS in the Apple App Store or Google Play and contact Zimperium for an activation license. There are also videos available explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

Zimperium mobile threat defense integrates with leading enterprise mobile management solutions, including:

  • VMware AirWatch
  • BlackBerry
  • Citrix XenMobile
  • Microsoft Intune
  • MobileIron
  • Silverback

zIPS™ can detect both known and unknown threats by leveraging machine learning to analyze the behavior of mobile devices. zIPS operates by itself or with existing enterprise mobility management solutions (MDM, EMM). More information about zIPS is available on the zIPS Product page or by viewing videos explaining “What is zIPS?” and “How to Tell if Your Phone is Hacked?”

zANTI

zANTI™ is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy-to-use mobile toolkit enables IT Security Administrators to simulate an advanced attacker and to identify the malicious techniques attackers use in the wild to compromise corporate networks. More information and “how to” videos are available on the zANTI Mobile Penetration Testing page.

There are how-to videos on the zANTI Mobile Penetration Testing page. There is also a video on how zIPS detects a MITM attack when a device is attacked with zANTI.

VULNERABILITIES

Stagefright is a set of vulnerabilities, discovered and disclosed by Zimperium in 2015, allowing unauthorized users to remotely execute code on over 95% of Android devices. The Stagefright vulnerability shed light on the Android update process and influenced Google and handset manufacturers to optimize Android security updates. More information about Stagefright and the update process is available on the Zimperium blog.

Pegasus is a sophisticated trojan targeting the iOS platform. It gives an attacker the ability to remotely monitor and capture communication from a device (including calls, texts, WhatsApp, Viber, etc.). A successful attack transforms a device running iOS into a powerful surveillance tool. This is a persistent attack and enables an attacker to remotely update and control the device to provide additional functionality as required. More information about the Pegasus vulnerability and how to defend yourself is available on the Zimperium blog.

DirtyCow is a privilege escalation vulnerability on Android devices. Zimperium detected DirtyCow as an attack before it was disclosed and classified. Zimperium did not require a client update to detect the threat since its threat detection technology detected malicious behavior. More information on DirtyCow is available on the Zimperium blog.

BlueBorne is an attack leveraging Bluetooth connections to penetrate and take control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. According to Google it “could enable a proximate attacker to execute arbitrary code within the context of a privileged process.”

More information on BlueBorne and how to protect your devices is available on the Zimperium support site.

ENTERPRISE MOBILITY MANAGEMENT (EMM)

EMM stands for enterprise mobility management. EMM evolved when the MDM and MAM markets merged. Gartner describes EMM as software suites that provide policy and configuration management tools for applications and content, based on smartphone operating systems. Zimperium integrates with leading EMM suites listed here.

Zimperium mobile threat defense integrates with leading enterprise mobile management solutions, including:

  • VMware AirWatch
  • BlackBerry
  • Citrix XenMobile
  • Microsoft Intune
  • MobileIron
  • Silverback