Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns.
The analysis of more than one million actual iOS and Android mobile devices users in enterprises revealed that running updates is still hit and miss, while hopelessly weak mobile password security is also an issue in a significant minority of cases, especially with Android users.
More ReadingWhen it comes to spaffing your login creds, Android biz apps are the businessiOS banking apps security still not good enough, says researcherAll eyes on the jailbroken as iOS, Mac OS X threat level ratchets upAndroid users left at risk... and it's not even THEIR FAULT this time!It's BACK – Stagefright 2.0: Zillions of Android gadgets can be hijacked by MP3s, movie files
Key findings from Duo Security study reveal:
- 80 per cent of iPhone users are not running the latest iOS 9.2 release
- 90 per cent of Android devices have not updated to the latest 5.1 Android operating system
- 32 per cent of Android users are running version 4.0 or older, leaving them susceptible to known malware such as Stagefright as a result
- One in 20 of Android devices have no password on their lock screen
Duo Security estimates 20 million enterprise mobile devices are no longer supported by the device manufacturer and therefore cannot be updated to the latest version of software to protect them against new malware.
Although the biggest threat is via out-of-date or unwatchable droids, there’s also a patching issue with iPhones and iPads. Outdated iOS devices are vulnerable to well-known attacks, such as Ins0mnia and Quicksand, Duo warns.
An estimated 95 per cent of data breaches are caused by compromised user credentials, according to the latest data breach report by Verizon. Duo Security argues that keeping mobile devices upgraded tackles a big part of this problem.
More on the study – together with advice in easing mobile patching headaches – can be found in a blog post by Duo Security here. ®
The infamous Stagefright vulnerability allows an attacker to compromise an Android device via an MMS message.