CISSP Mobile Malware and Unpatched Operating System or Browser – Bk1D3T7St5St6

Mobile Malware

Like all computing systems, mobile devices can be compromised by malware. The increased risks from malware in a mobile environment stem from most users’ desire to be able to download and install apps on their phones, leading to attacks via a rogue app. In 2018, Trend Micro identified 36 apps in the Google Play store that appeared to be useful utilities but, in fact, installed malware on the users’ phones.

Unpatched Operating System or Browser

As with other computing systems, vulnerability management is critically important for mobile devices, particularly because many users own their mobile devices but wish to use them to access company information (the BYOD problem).

The risks include:

  • Users not updating their devices
  • Users using phones that are no longer supported and therefore no longer receiving security updates
  • Mobile device manufacturers and carriers that delay phone updates in order to perform their own compatibility testing. This, of course, gives attackers an opportunity to reverse-engineer patches as they are released by the mobile operating system vendor, but before they are made available to customers.

In many cases the security flaws that trigger smartphone manufacturers to issue updates are well publicized, which means the attackers can learn of the flaws and develop exploits. Not patching your phone, or delays in patching, leaves it vulnerable to known attack vectors.
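The three risks above can be checked per device before granting access to company information. The following is an added example, not part of the original text: the inventory fields, dates, and the 30-day threshold are all constructed assumptions, not taken from any real MDM product.

```python
from datetime import date

# Constructed release dates of OS-vendor security patch levels (not real data).
OS_VENDOR_PATCHES = [date(2024, 3, 1), date(2024, 4, 1), date(2024, 5, 1), date(2024, 6, 1)]

# Constructed BYOD inventory. "installed" is the patch level on the device;
# "vendor_latest" is the newest level the manufacturer/carrier has shipped for
# that model, or None when the model no longer receives updates.
DEVICES = [
    {"id": "byod-001", "installed": date(2024, 6, 1), "vendor_latest": date(2024, 6, 1)},
    {"id": "byod-002", "installed": date(2024, 3, 1), "vendor_latest": date(2024, 6, 1)},
    {"id": "byod-003", "installed": date(2024, 4, 1), "vendor_latest": date(2024, 4, 1)},
    {"id": "byod-004", "installed": date(2024, 3, 1), "vendor_latest": None},
    {"id": "byod-005", "installed": date(2024, 5, 1), "vendor_latest": date(2024, 6, 1)},
]

MAX_EXPOSURE_DAYS = 30  # assumed policy threshold


def risks(device):
    """Map a device to the risk categories listed above."""
    found = []
    vendor_latest = device["vendor_latest"]
    if vendor_latest is None:
        return ["unsupported"]
    if device["installed"] < vendor_latest:
        found.append("user_not_updated")
    if vendor_latest < max(OS_VENDOR_PATCHES):
        found.append("vendor_delay")
    return found


def exposure_days(device, today):
    """Days since the oldest OS-vendor patch the device is missing was published."""
    missing = [p for p in OS_VENDOR_PATCHES if p > device["installed"]]
    return (today - min(missing)).days if missing else 0


def allow_access(device, today):
    """Deny unsupported devices and any device exposed longer than the threshold."""
    if "unsupported" in risks(device):
        return False
    return exposure_days(device, today) <= MAX_EXPOSURE_DAYS


if __name__ == "__main__":
    today = date(2024, 6, 20)  # constructed evaluation date
    for d in DEVICES:
        print(d["id"], risks(d), exposure_days(d, today), allow_access(d, today))
```

The exposure window is measured from the publication of the oldest missing patch, since that is when the flaw it fixes becomes publicly known.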