Client-Side Attacks On Android and iOS Could Increase In 2016
2015 was a pretty busy year for information and cyber security professionals all across the world. Dozens of new vulnerabilities were unearthed, and businesses, governments, and individual users kept falling victims to numerous high-profile data breaches. Worse still, as we settle into 2016, it’s highly unlikely that this trend is going to slow down any time soon.
In fact, on a closer look, we anticipate even more security threats looming on the horizon – threats that must be addressed in order to safeguard the privacy of organizations and individual users.
Here’s a brief overview of our forecast on the possible cyber security risks in 2016
iOS may not be as safe as generally perceived
While Google’s Android platform is usually the one that generally finds itself in the limelight because of its frequent security vulnerabilities, we expect iOS to be hit hard this year. There’s every reason to believe that a serious vulnerability bearing similar severity and magnitude of Stagefright will emerge in 2016.
Some experts are of the opinion that a new wave of exploitable attacks (much akin to the AirDrop vulnerability of 2015) could target iOS users in 2016. These attacks usually allow hackers to send and remotely install malware on the target device as long as they are within range. Any attempt to block the incoming file usually proves futile in a well executed exploitable attack. In addition to those, more kernel exploits and jailbreaks for iOS 9.2 and 9.3 could be on their way.
Android’s open source ecosystem will continue causing vulnerabilities
As always, Android users will have a lot to worry about as Google issues new updates. The primary reason behind Android’s ever present vulnerabilities can be traced back to its open-source ecosystem that makes it increasingly difficult for carriers to roll out software updates and fix security threats.
Just like the AirDrop issue in iOS, we are expecting Android to be hit by one or more remotely exploitable vulnerability with some resemblance to the infamous Swiftkey Keyboard issue.
Even though Google promised monthly security updates for all Android users in August 2015, a large majority of the Android community across the world failed to benefit from that move. That’s primarily because the availability of updates for the end user ultimately depends on individual carriers.
In addition, Google has now officially withdrawn support for devices running on Android 4.3 or older versions. That essentially means that over 50 per cent of all Android users are now left by the company to fend for their own.
Client-side attacks to grow at an alarming level
With network perimeters continuously being fortified with cutting-edge security features, hackers are always on the lookout for the weakest link in their target computer network. This eventually prompts them to breach a given set of perimeter security using the loopholes at the end of end-users (e.g. partners, employees, etc.).
Client-side breaches typically require direct user-interaction such as, opening an email, clicking on a link, or opening a malicious file. We expect such attacks to increase in 2016. Chrome and PDF users, in particular, could be targeted more often than others.
Other client-side attacks will include the use of media formats for exploiting loopholes in media processing libraries such as libstagefright.
With all that into consideration, it’s obvious that no individual or organization with sensitive and private data can afford to ignore the issue of cyber security. Be it the ongoing security vulnerabilities in Android or the new threats targeting iOS, there’s clearly no sign of incidents involving security breaches coming down in the foreseeable future