One in Two iPhones Runs Old, Insecure OS Version

An estimated 50% of iPhones are running outdated versions of iOS, exposing organizations to unnecessary risk, according to new research from Duo Security.

The authentication security vendor claimed that half of all the Apple smartphones “in use today” are running iOS 8.3 or lower. This means they haven’t received updates fixing over 100 known flaws including Ins0mnia and Quicksand.

The former allows apps to “violate background app rules” to steal data or drain the phone’s battery, while Quicksand exposes enterprise credentials and sensitive config details, explained Duo Security R&D program manager, Mike Hanley.

What’s more, 31% of iPhones are running iOS 8.2 or below, exposing them to over 160 known vulnerabilities which were patched in later editions. And 14% are running iOS 7 or earlier and are therefore missing patches for 230+ flaws, he claimed in a blog post.

Duo Security estimates that 20 million iPhones in use today are running on old hardware that can’t receive security updates. If Apple drops support for the 4S – its oldest platform – that number will jump to 60 million.

“Compare it to standard desktop computers – we know better than to let a desktop computer run on a corporate network if it was several months (if not years) behind on security updates,” Hanley explained.

“We need to start thinking about mobile devices in the same way. Mobile devices aren’t usually subject to the same level of scrutiny, partly due to the lack of insight into the health and security risks of these devices.”

With BYOD now common in most enterprises, IT teams need to set expectations for software updates on devices which will be able to access the corporate network, he added.

Hanley urged organizations to educate users better about the importance of keeping their smartphones up-to-date.

Offering handy tips on how to clear space on the device so updates can install would be a good start. Connecting to iTunes makes for a faster update which requires less free space, for example.

Helping users find the right time to update is also important, Hanley concluded.

“We like updates at dinner time – a great opportunity to put the phone down and enjoy a meal with family and friends,” he argued. “This also addresses other concerns about running updates at night (and potentially missing a wake-up alarm) or during the work day when the phone is in use.”
