Professional Documents
Culture Documents
Intelligence Report
Q1 2017
Apple has always been primarily focused on the end-user experience, historically
the domain of the consumer market. Previously, enterprise IT did not have to worry
too much about how happy their users were with the devices they were given for
work purposes. IT priorities started with standardization and security - keeping costs
under control and protecting all of the data inside the company was paramount, and
user experience was probably somewhere on page 2. Enterprise users didnt expect
anything different, until the iPhone and the App Store started to give them more of
the tools they needed to be productive at work as well. Enterprise IT has been playing
catch up ever since.
There are two types of data represented and analyzed in this report. First is public
historical data covering the ten years since the Apple iPhone was introduced, to
provide education and a context of trends leading to today. Second is a study of
threats and incidents captured directly by Skycure sensors distributed around the
globe during the first quarter, from January 1 through March 31, 2017.
2.5
MILLIONS OF APPS
2
App Store
1/17
1.5 2.2M Apps
0.5
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
Projected: 643
vulnerabilities would be identified and patched, that CVEs per Year
is certainly not the case. The code for an operating
system is constantly evolving, with new features, so
expect an endless supply of vulnerabilities to find
500
and fix. Note that each CVE also gets a score from 0
to 10 indicating its potential impact on the security
of the system, with lower numbers representing less
risk and higher numbers representing higher risk.
400
Although the average doesnt seem to change much
from year to year (consistently in the 6-7 range), do
note that there are a lot more 10s today than there
used to be. 300
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
iPhone OS 1: 1.1.5
iPhone OS 2: 2.2.1
iPhone OS 3: 3.1.3
(additional iPad releases up to 3.2.2)
iOS 4: 4.3.5
iOS 5: 5.1.1
iOS 6: 6.1.6
iOS 7: 7.1.2 SHARE THIS IMAGE:
iOS 8: 8.4.1 corresponds with CVE spike in 2015
iOS 9: 9.3.5
iOS 10: 10.3.1 (as of April 3, 2017)
iOS 10.3 Android 7.1.2
21.74% 0.29%
Android 6 56.63%
iOS 9 7.92%
Android 5 15.91%
iOS 8 0.66%
Android 4 6.66%
iOS 7 0.04%
Android 3 0.01%
The very first iOS malware found in the wild was Q1 2017
0.65%
called the Ikee-virus, also called Eeki. It was a worm
transmitted between jailbroken devices with OpenSSH
installed, but still using the default root password. When
infected, the lockscreen background changes to a photo
of Rick Astley. This is where it all started, a spam-type
malware that spread broadly, with an impact that most
would put in the annoying category (depending on how
you feel about Rick Astley).
SHARE THIS IMAGE:
MALICIOUS LEVERAGING OS
SETTINGS VULNERABILITIES
MALICIOUS PROFILES PEGASUS
LEVERAGING CABLE
WIRELURKER, MALICIOUS
CHARGERS
3
Once jailbroken, infiltrate the
device with malicious code
very good at hiding their presence to extend the
period of control or spying access. The motivation is
often financial gain or corporate or state-sponsored
espionage. Here is a kill-chain process flow of the
Hide the existence most dangerous iOS malware today.
4 of the infiltration
for
SHARE THIS IMAGE:
NEONEGGSHELL - AUG
HACKING TEAM TOOLS - JUN
ACEDECEIVER - MAR
ADTHIEF/SPAD - MAR
DROPOUTJEEP - DEC
XCODEGHOST - SEP
XSSER MRAT - DEC
CELLEBRITE - FEB
KEYRAIDER - AUG
YISPECTER - OCT
INCEPTION - DEC
APPBUYER - SEP
PEGASUS - AUG
UNFLOD - APR
XAGENT - FEB
MUDA - OCT
2009 2011 2012 2013 2014 2015 2016 2017
Here is a list of sample iOS malware and the first reported to Apple by Skycure on June 3, 2013,
approximate discovery dates, showing both turned out to be incredibly complicated and took
exploits caught in the wild after infecting devices, two-and-a-half years to issue a fix.
and research results from white hats that were
discovered and fixed before falling into the wrong Malicious Profiles falls into the other category - more
hands. These are only the most notable exploits of a vulnerability by design. Skycure first identified
and is NOT an exhaustive list. Exploit types include the malicious profiles vulnerability on March 12,
virus/worm, adware, scareware, trojan, ransomware, 2013. Over the next few years, Apple made several
spyware and others, many of which do not require the attempts to change the user experience of installing
device to be jailbroken. profiles to reduce the likelihood of successful social
engineering attacks. With the release of iOS 10.3,
While many of these vulnerabilities are able to be Apple made the most significant effort yet to reduce
patched in a matter of weeks after disclosing them this threat. It is only a partial fix, but requires users
to Apple, there have been notable exceptions. A to manually enable installation of root certificates in
vulnerability may be technically very difficult to a more cumbersome process, raising the bar for how
remedy, or there may simply not be a good way to fix good a social engineering exploit must be to succeed.
it without adversely affecting some important feature This should have a good impact toward reducing the
or user experience. The Shared Cookie Stores bug, likelihood of such attacks.
40.6%
40%
36.7%
30.3%
30%
20.9%
20%
10%
1 2 3 4 5
Dont click, install or Only install apps If you are not Always update the Protect your device
connect to anything from reputable confident the Wi-Fi is latest security patch with a free mobile
that you are not app stores. secure, dont perform as soon a it is available security app
confident is safe. sensitive work while for your device. like Skycure.
connected. apps.skycure.com
Since user behavior is such a huge factor in mobile security, user education is one of the most important things an
organization can do to minimize the threat from mobile devices. Users should know to only install apps from the
primary app stores, dont click on untrusted links or approve device permissions and accesses without good reason.
The other important thing an organization can do is install Skycure, which will proactively protect devices in realtime,
often even if the user is doing something that is unsafe. Skycure will also inform users and IT admins about the
upgradability of both iOS and Android devices so that the window of vulnerability is minimized.
Protect your mobile device with the free mobile app from Skycure.
About Skycure
Skycure is the leader in mobile threat defense. Skycures platform offers unparalleled depth of threat intelligence to predict, detect
and protect against the broadest range of existing and unknown threats. Skycures predictive technology uses a layered approach that
leverages massive crowd-sourced threat intelligence, in addition to both device- and server-based analysis, to proactively protect
mobile devices from malware, network threats, and app/OS vulnerability exploits. Skycure Research Labs have identified some of the
most-discussed mobile device vulnerabilities of the past few years, including App-in-the-Middle, Accessibility Clickjacking, No iOS Zone,
Malicious Profiles, Invisible Malicious Profiles, WifiGate and LinkedOut. The company was founded by security industry veterans Adi
Sharabani and Yair Amit, and is backed by Foundation Capital, Shasta Ventures, Pitango Venture Capital, New York Life, Mike Weider,
Peter McKay, Lane Bess, and other strategic investors.