10 Trends That Show Mobile And Internet Of Things Threats Are On The Rise

Rising Markets, Rising Threats

The mobile and Internet of Things markets are surging ahead, and that upsurge, in turn, is driving the enormous growth in the number (and sometimes severity) of security threats associated with those burgeoning technologies. From hacks into the controls of connected cars, to continuing onslaughts toward exploiting Android vulnerabilities, to breaches that take advantage of flaws in mobile payment systems, threats are coming at devices, software and platforms from seemingly all directions. As part of CRN's Cybersecurity Week, we dug into some of the trends and events that are demonstrating that mobile and IoT threats are on the rise. Take a look at what we found.

10. Proliferation Of Devices

Driving up the number of threats around IoT and mobile is the sheer number of devices hitting the market. According to market research firm Gartner, there will be 6.4 billion connected devices worldwide by the end of 2016, up 30 percent from this year. By 2020, Stamford, Conn.-based Gartner predicts, there will be 20.8 billion devices. Of those numbers, more than 1.8 billion will be in businesses by 2015 and more than 7.2 billion will be in businesses by 2020, the report said.

9. Fragmentation Of Supply Chain

According to Gartner, 5.5 million new "things" were connected every day in 2015. A large part of securing those devices as they enter the market is the fragmentation of the supply chain, said Lee Weiner, senior vice president of products and engineering at Boston-based security solution provider Rapid7. That's a challenge, he said, because it makes it much more difficult to have security controls implemented from the start.

"An investment will need to be made by manufacturers or distribution to make sure they properly treat these devices, that they have good quality controls and have a process to manage flaws," Weiner said. "I think we have a lot of work to do there."

8. Attacks Hitting Home

This year, attacks on IoT devices hit home. From cars to Vtech devices, Barbie dolls to baby monitors, hackers and researchers were finding (and sometimes exploiting) vulnerabilities in connected devices across the market. Those incidents help show how the threat associated with the Internet of Things is real and spreading across a wider variety of markets, Rapid7's Weiner said.

"It's more than just hype," Weiner said. "We've seen that play out in a bunch of different areas in 2015."

7. Continued Android Vulnerabilities

Android continues to be a sore spot for mobile security. According to the 2015 Verizon Data Breach Report, there were hundreds of thousands of mobile malware infections affecting devices running Google's Android operating system over the past year, accounting for 96 percent of all mobile malware. However, the report from New York-based Verizon said, most of the malware was adware, with only 0.03 percent of devices being infected with malicious malware.

6. Rise Of Ransomware

Ransomware is on the rise, but it isn't just PCs that are vulnerable, said Kevin Haley, director of Symantec Security Response for Mountain View, Calif.-based Symantec. According to the Symantec Internet Security Threat Report, ransomware grew 113 percent in 2015,and perpetrators demanded an average $300 to get files back. Haley said "any connected device is vulnerable to infection," including IoT devices such as TVs, routers, smartwatches and more.

"It's important that people understand how to protect all of their 'smart' items," Haley said.

5. Mobile App Development Shortcomings

According to a December study by Burlington, Mass.-based application security company Veracode, 87 percent of Android apps and 80 percent of iOS apps had problems with security, primarily around cryptography. The report called that number of vulnerabilities "concerning." The report analyzed more than 200,000 apps over two years. Of those vulnerabilities, Veracode found that 50 percent of dynamic vulnerabilities and 64 percent of static vulnerabilities had been fixed.

4. Smartwatches Falling Short

Smartwatches are rising in popularity, but a study from Palo Alto, Calif.-based Hewlett-Packard this year found that they aren't being built with a security-first mindset. Digging into the top 10 smartwatch brands, HP found that many of the devices had insufficient authentication and authorization measures, insecure network services, a lack of transport encryption, privacy concerns around health care and other personal information, an insecure cloud interface, an insecure mobile interface and insecure software and firmware.

3. Mobile Security Market Multiplies

An aftereffect: The continued influx of mobile threats is driving an upward trend in mobile security spending. The market for mobile security is expected to hit $5.75 billion by 2019, up from $1.5 billion in 2014, according to Pune, India-based research firm MarketsandMarkets. That comes to a compound annual growth rate of 30.7 percent from 2014 to 2019.

2. Mobile Payments Security Lacking

Another threat to mobile phone users is the addition of mobile payment applications, like Apple Pay and Venmo. These mobile payment systems might not be as secure as you might think, according to a recent review by San Francisco-based security solutions provider BlueBox Security. The study, which examined the top 10 mobile payment apps, found that many of them lacked the protections necessary for financial transactions, including anti-tampering controls, encryption and obfuscated code.

1. Public Sector Involvement

Even the U.S. Department of Homeland Security is getting involved with the fight to secure the Internet of Things. In December, the department announced that it would be looking to recruit and fund startups to, among other things, detect IoT connects, authenticate components and update IoT components. The department said it also wants to have Silicon Valley help determine the challenges IoT poses to national security.