Tuesday, January 5, 2016

APPLE VS. ANDROID

Mobile Security Pros and Cons

Both Apple's iOS and Android have security strengths and weaknesses, experts say:
Just like the Betamax and VHS video wars of a few decades ago, there are staunch proponents and loyal users of Android and iOS (Apple)-based products. But unlike videocassettes and recorders, Android and Apple products carry professional, financial and other valuable information that hackers covet and work hard to obtain, using a combination of malware and social engineering.

We talked to security experts about the strengths and weaknesses of each system.

Apple/iOS: Close, But Not Complete, Control
Pros of Apple's iOS include the fact that it is proprietary, closed-source and more secure "by default with a single user per device," said Jason Van Zanten, information security lead at JAMF Software.

"Apple's approach is often seen as stronger in terms of security by providing a managed and controlled transaction environment; no system can truly be 100% fixed and closed off," said Sam Rehman, chief technology officer for Arxan Technologies. "At times this could provide a false sense of security which emphasizes risks of certain weaknesses."

"The phone user is entirely in the hands of Apple and if there is a major breach it could be catastrophic."

Android: a Popular Target
"Android offers much more freedom and control, and it is easily possible to get hardware-like security protection using software fixes with native languages such as C++," McLennan said.

"Generally a much better place to be than with the Apple platform," he said, though this is not true if Java is employed for sensitive code. "Java is completely useless for code that needs security, as it takes mere minutes to influence or subvert this code."

James Quin, CDM Media senior director of content and C-suite communities, said studies show that as much as 97% of all mobile malware targets Android while iOS "suffers from functionally none."

Android's ubiquity accounts for much of its popularity with hackers, he said.

Host Card Emulation
Android's security vulnerabilities and the sheer variations of devices and permutations of the platform and associated software create the need for Host Card Emulation (HCE), a software-based, self-sufficient and protected solution for mobile payments, Rehman said. While HCE provides flexibility, he said, it also brings a new requirement for strong, software-based protection to secure the storage of sensitive card data on the phone/device and to protect static and dynamic keys stored in the device.

This requirement is critically important to address since the 2015 Verizon Data Breach Investigations Report (DBIR) found that nearly 25% of breaches are attributable to memory scraping, a hacking technique that enables access to unprotected cryptographic keys and data.

Hacks With Device Administrator
A popular hacker strategy is to develop Android malware utilizing device administrator to gain very high levels of permission on phones, said Cameron Palan, senior threat research analyst at Webroot. "After its request to be a device administrator, it then has the power to prevent you from revoking that permission, prevent you from uninstalling the app, change system settings, wipe your phone and cause other damage."

"Android tends to be much more adventurous when it comes to rooting/running unknown applications, which in and of itself is a huge security risk."

Whether using Apple or Android, experts said much of the security of any device revolves around user behavior. Unfortunately, studies show few users make use of available protections for the device. For instance, a recent study showed that nearly 60% of Apple devices in the enterprise lack software to enforce strong passwords and just 17% use an employer-supplied password manager.
