Data breaches are a huge and growing problem, but the odds that a cybercriminal will steal your bank or contact information from your smartphone are incredibly small, a new study has found.
The biggest security issue facing mobile users is malware — malicious code sometimes hidden in apps — and even that isn’t much of a big deal, according to Verizon’s 2015 Data Breach Investigations Report. The report culled information on 2,122 confirmed data breaches and nearly 80,000 security incidents, that is events in which data has been exposed but not disclosed to a third party.
“This report is filled with thousands of stories of data loss…and rarely do those stories include a smartphone,” the study’s authors wrote.
In fact, Verizon found that each week an average of just 0.03 percent of mobile devices on its network “were infected with ‘higher-grade’ malicious code,” the kind of code used to steal your financial data.
That doesn’t mean your phone isn’t susceptible to a data breach. It just means the bad guys are looking elsewhere. Remember, data breaches at major retailers like Target didn’t happen over a smartphone.
“We are not saying that we can ignore mobile devices; far from it,” according to the study. “Mobile devices have clearly demonstrated their ability to be vulnerable. What we are saying is that we know the threat actors are already using a variety of other methods to break into our systems, and we should prioritize our resources to focus on the methods that they’re using now.”
Most vulnerable platform
So your mobile device is probably safe from attack right now — especially if you own an iPhone or iPad.
Verizon’s study partner FireEye, a cybersecurity firm, analyzed more than 7 million apps from January to October 2014. It found that 96 percent of malware targets Android apps alone. Most of that malware is what Verizon classified as “adnoyance-ware,” unwanted software that automatically displays advertisements in the application.
But FireEye found an increase in the number of Android apps designed to take your financial data, rising nearly 500 percent to 1,300 in December 2013.
The company puts the problem squarely in the corner of the mobile operating system companies.
“While mobile devices face many threats, app stores and app developers constitute the greatest risks. The apps we download, and their ensuing actions, have the potential to expose all information on the device,” FireEye wrote in its separate report, Out of Pocket. “Malicious apps can steal bank account details, copy emails, and collect VPN credentials. Adware can collect personal contact details, take note of all apps installed, and track GPS coordinates. And even in benign apps, developers make mistakes. They unwittingly write flawed code that leaves the app open to attack.”
So, mobile security might not be a big deal today. But tomorrow?