iPhone, iPad Popularity Could Threaten Enterprise Security: Zscaler
Apple devicesfrom iPhones to iPads to Macsare becoming more prominent in enterprises as employees bring them to work, fueling the burgeoning trend of the consumerization of IT.
And that could cause security problems for businesses, according to researchers at security software maker Zscaler.
The recent malware attacks over the past few weeks on Macs running the Mac OS X operating systemas well as the yearlong rise of cyber-attacksare an indication that as these products become increasingly popular with consumers, they also are becoming favored targets of hackers. And as consumers bring these devices into the enterprise and look to access corporate networks and dataa trend called bring-your-own-device (BYOD)the cyber-threat to businesses also will grow.
A key problem is that many users of Apple products have come to believe that, despite the recent attacks such as the Flashback malware and SabPub Trojan, their products are essentially invulnerable to viruses and other threats, and theyve become somewhat lax in keeping the security software on their devices up-to-date.
In addition, Apple officials have proven to be slow in responding to threats, even though the company on May 9 released updates that fixed some flaws in Mac OS X and the Safari Web browser.
For businesses, Macs, and iPads and iPhoneswhich run on the iOS mobile operating systemcould be a problem, according to Mike Geide, senior security researcher at Zscaler ThreatLabZ.
This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats, Geide said in an email. The need to follow best security practices, such as remaining current with patches, is ubiquitousit doesnt matter if youre using Windows, Mac or even a mobile phone.
Apples security issues came into full view in early April, when it was reported that the Flashback malwarewhich was first detected in late 2011 but became a significant threat this yearhad infected more than 600,000 Macs worldwide, more than 1 percent of the systems in use.
Flashback exploited a vulnerability in Java that had been patched by Oracle in Windows PCs and other systems in February. However, Apple didnt release its update until early April, too late to stem the infections. In addition, after the extent of the infections became known, Apple didnt release a tool that could detect and remove the malware until after several security software vendors already had launched their own free offerings.
Soon after, the Sabpab Trojan hit Mac OS X systems, and while not as significant a threat as Flashback, it was another indication in the growing interest in Apple systems by cyber-criminals. And that interest is expected to spill over to iOS devices, in particular iPads and iPhones, which, according to Zscaler, are becoming more common in enterprises.
In their State of the Web first-quarter report issued April 30, Zscaler researchers said that Apple iOS traffic rose from 40 percent of all mobile traffic in the fourth quarter of 2011 to 48 percent in the first three months this year. The report looked at 200 billion transactions from millions of users worldwide.
According to the report, Android and BlackBerry traffic declined.
The rise in iOS traffic is important, according to Zscaler, given the rise in the mobile transactions in the enterprise, both on guest WiFi and business networks. Business security solutions need to cover the Apple iOS devices given their rising popularity in business, according to the report.
As the Mac becomes increasingly popular, the number of attacks targeting OS X will go up, said Michael Sutton, vice president of security research for Zscaler ThreatLabZ.
The same will likely be true for iOS devices, the researchers said.