How secure, really, is your mobile phone?
As Apple launches an anti-hacking feature for iPhones, just how safe is your phone from cyber attacks? And is Apple or Android better at protecting your mobile communications?
Apple recently announced the ‘Lockdown’ feature, rolling out in September, to stop known malware from attacking the iPhone. While this has been designed for people who might be at higher risk of attack, it raises the question: just how secure are our everyday devices?
Apple’s new Lockdown mode blocks a number of different access points to the iPhone by restricting some of the functionality you might usually expect to have, and aims to prevent a large amount of known malware from compromising iPhones. It’s a response to a number of high-profile hacks, including the use of NSO Group’s ‘Pegasus’ surveillance software on the phones of politicians, activists and journalists.
There are a number of places we can look for publicly available information on phone security. One of these is the MITRE ATT&CK framework, which provides a good overview of the different types of attack that can be carried out against our devices. It shows there are currently 77 methods to attack Android mobile devices, compared with only 53 for iOS mobile devices. We can dig a bit deeper and look at MITRE’s catalogue of ‘Common Vulnerabilities and Exposures’ (CVEs); these can be exploited by bad actors to help them carry out these attacks. In 2021, 572 Android CVEs were tracked, compared with 380 iOS CVEs. This has been a consistent trend over the past half decade.
The framework shows there are more opportunities for Android devices to be attacked, by more attack methods. On average iOS devices look to be much safer, yet significant critical threats remain, which are harder to access but have a higher payoff for hackers.
So why is this the case?
Apple has a controlled software ecosystem, where each phone is manufactured to a certain specification. With a limited number of models, software updates (one of the essential tools to patch up vulnerabilities) are quickly rolled out.
Android phones, on the other hand, have a much more difficult task. Just walk into your local phone shop and see all the different models available from different manufacturers: each update needs to cover all of them. The next hurdle is that any Android software or app needs to make sure an update doesn’t interfere with its own build, which then needs to be rolled out to all its users.
Out of the box, iOS looks to be more secure, but don’t forget that with this closed ecosystem you rely on Apple to assess and manage the security of your device. For those who prefer to use Android devices, the onus is on you to source a reliable security platform which adds a protective layer.
The answer isn’t to lock your phone away in a lead box so that not even Superman could get hold of it. Rather, get to know what threats are out there, understand how protected you are, and look for the right tools to help you stay safe.
The launch of ‘Lockdown’ is a great example of a centralised response to protect users. What’s going to be interesting is whether everyday users (those of us who aren’t, say, world leaders) start to trade off functionality for security and start to use Lockdown mode.
Originally featured by the Evening Standard