Nearly 2% of all smartphones are compromised or high risk

By analyzing worldwide threat Intelligence data based on millions of monthly security tests from July through September 2015, a new report found 41 percent of mobile devices are at medium to high risk on the Skycure risk scale.

Nearly two in every hundred are high risk devices – already compromised or were under attack. Skycure ranks devices according to a proprietary Mobile Threat Risk Score, which takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.

Risks increase over time, according to the study. In one month, about 22 percent of devices will encounter network threats, with that number jumping to 40 percent over the following three months. The majority of devices are not equipped to fight these threats. The report reviewed data from devices with Skycure either installed by enterprises on employees’ mobile devices or by security-aware consumers.

Despite these protections, the report found that the majority (over 52 percent) of all devices do not even have a simple passcode enabled, and 30 percent of devices were running an out of date operating system.

With more than two billion smartphones in the world, the attack surface is massive and tempting to cyber criminals. Billions of devices are at risk for attack, but the human factor may be the weakest link. The report found that:

• The majority (52 percent) of devices do not have any type of passcode enabled, including alphanumeric, biometric, and swipe codes
• One in three Android devices is still vulnerable to one of the recent high-profile Android attacks, with an out-of-date operating system (ie. the most recent major version)
• Twenty-six percent of iOS devices also have an out-of-date operating system
• Enterprise-managed devices remove some of the risk. More than five times more personal Android devices are rooted than enterprise-managed devices. The report found very few jailbroken iOS devices in enterprises. Rooting or jailbreaking a device removes most of the inherent security features of the operating system.

Mobile devices are under constant threat of attack. The report found that devices encounter threats on a daily basis and many have already been infected. Android devices are at particular risk based on user behavior.

• Nearly three percent of Android devices are infected with malicious apps with medium to high severity
• More than one in four (27 percent) Android devices has third-party app installation enabled, meaning that it can install apps outside of the official Google Play store. Interestingly, 33 percent of enterprise-managed devices have this possible vulnerability enabled versus 20 percent of personal devices because some enterprises use it to install third-party enterprise apps.
• More than 15 percent of Android devices have USB debugging enabled, an easy way for a malware application to make it to the mobile device from a computer.