Mobile security vulnerabilities increased eight-fold since 2006

LAS VEGAS: Mobile threats have risen by more than eight times over the past five years, according to the latest IBM X-Force Trend and Risk Report.

IBM gave a sneak preview of its forthcoming security report during a press briefing at Pulse 2011 in Las Vegas. The report will reveal that mobile operating system vulnerabilities increased from less than 20 in 2006 to more than 160 in 2010. There has been a sharp rise from 2009, when around 70 issues were identified.

The report also shows that the number of mobile operating system exploits has grown from zero in 2006, to four in 2008 and 14 last year.

IBM was keen to put the numbers in perspective, pointing out that the vulnerabilities would be shared across mobile and desktop software, and that the exploits are often due to the current trend for jailbreaking or modifying mobiles.

“It stems from a desire users have to jailbreak their device to do things the manufacturer didn’t intend,” said Tom Cross, manager for X-Force Strategy and Threat Intelligence, Tivoli. “In order to do that, they need the exploit code.”

In response to the growing mobile threat, Cross advised enterprises to start applying and tailoring security policies for smartphones and tablets, as they increasingly enter the workplace.

“As people are using their personal phones to do work, firms need to engage users [about mobile security] as they have a concern about the information they have on that device,” Cross said. “It’s dawning on IT managers that they need to deal with this.”

Cross offered up a basic five-point checklist for mobile security: contain smartphone VPN access; control the installation of third party and unsigned apps; establish screen lock password policies; set up lost device procedures; and evaluate smartphone anti-virus products.

The full X-Force report is due to be launched mid-March.