Top 2016 Mobile Security
Threats and Your Employees
HOW YOUR EMPLOYEES EXPOSE YOU TO THE TOP MOBILE SECURITY THREATS OF 2016

Most people believe smartphones are
secure when they buy them
❖ 45% of people don’t buy security software for their smartphones
❖ They don’t even bother to use a simple password to secure their
phone
❖ It only takes 30 seconds to hack into a smartphone
❖ 78% of iOS and Android apps have been hacked
❖ 50% of popular apps don’t defend against hackers

❖ And wiping them after
they are lost doesn’t
always keep data out
of hackers’ hands
Over 4 million
smartphones
were lost in
2013 alone

Grayware and Bloatware
These are intrusive applications that have been known to:
❖ Leak information
❖ Change user bookmarks
❖ Pester users to download other programs
❖ Install ads for other programs on a user’s home screen
❖ Sent SMS messages or communicate externally without the user’s
knowledge
Many smartphones that are preloaded with apps often contain
grayware and bloatware.

Malvertising
❖ a term used to
describe ads that
contain Trojans / other
malicious software
aimed at being
embedded in one
phone and then
spreading.
❖ Malvertising has
become a popular way
for hackers to infiltrate
smartphones, putting
your corporate network
at risk.

Free Wi-Fi
Improper session handling,
unintended data leakage,
poor authorization and
authentication, and lack of
binary protections are
vulnerabilities that can often
be exploited when using
unsecured Wi-Fi access

Employees as Internal threats
❖ By the end of 2018, it is
expected that over 25% of
corporate data will be
transmitted between mobile
devices and a cloud server
while bypassing any perimeter
security.
❖ Disgruntled employees have
always been a threat to
organizations and their
intellectual data. Mobile
devices offer the ability for
individuals to bypass many
standard security measures in
their attempt to extricate and
transmit company information.

Top 6 Mobile Threats
❖ Cross Device Transactions
❖ Expanding Mobile Payment Options
❖ Mobile Web Browser Hacking
❖ Man-in-the-middle(MITM)Attacks
❖ Distributed Denial of Service (DDoS)Attacks
❖ Mobile Healthcare Information and Devices

Cross Device Transactions
❖ An individual may access their
work email, eBay account or
mobile banking services from
different devices, sometimes
even on the same day.
❖ Mobile security for this type of
access is often unsuccessful
and leaves both the company
and clients vulnerable to
malicious attacks.

Expanding
Mobile Payments
▶ NFC-based mobile
payments are
vulnerable to bot
attacks, malware,
device spoofing,
jailbroken devices or
even rooting.
▶ Whether you offer
mobile payment
options or your
employees use them
for their purchases,
your company can be
at risk as a result of
this vulnerability.

Mobile Web Browser Hacking
❖ Webkit-based exploits coupled with OS/kernel-level exploits can
bypass a browser sandbox and then leverage OS vulnerabilities.
❖ Stagefright has been giving Android and Android-based app
programmers a run for their money as security experts try in vain to
create effective security patches.
❖ This makes mobile web browser hacking most effective way to
bypass smartphone system level security measures

Man-in-the-Middle-
Attacks(MITM)
❖ MITM attacks have also
increased as more people are
using free Wi-Fi for tablets,
smartphones and laptops.
❖ Eavesdropping and hijacking
are easier using these open
Internet access points and if an
employee is using them to
access company data, the
hacker will have an all access
pass into your corporate
network.

Distributed Denial of Service Attacks
(DDoS)
❖ DDoS attacks have become more sophisticated as hackers learn
new ways to leverage old school attacks.
❖ Malevolent programmers have learned how to turn devices into
DDoS bots once the hacker has gained control of them.
❖ These DDoS bots are harder to detect or prevent compared to
traditional attacks, making corporations vulnerable to a threat they
aren’t aware exists.

Mobile Healthcare Information and Devices
Your Employees and Health Information
❖ Mobile Healthcare Information and
devices have become more of a
threat as the healthcare industry
struggles to make devices more
intelligent and data more accessible.
❖ Surveys show that 94% of healthcare
organizations admit to a cyber-attack
❖ When your employees access their
medical information from a hacked
organization that health care system
may be monitored by hackers and
used to access the devices that
connect to the system via an internet
connection.

Do you want to learn more or find a
solution ?
You can learn more about how employees are a threat to your
company’s mobile security by reading the full article here.
If you want to learn more about advanced mobile security threats and
how to protect your organisation, click here , comment in the boxes
below or email neil.kemp@networkandsecurity.co.uk