Of all the data points contained in Zimperium’s recently released 2022 Global Mobile Threat Report, perhaps the most shocking is the spike in known cases of zero-day exploits being used in attacks against mobile devices. A zero-day exploit is one where the vendor is unaware of the corresponding vulnerability at the time of attack and has therefore not provided a workable patch. The number of such cases jumped to 17 from three the previous year, while the share of zero-days that were mobile-specific increased from 11% to 31%.
To me, these numbers confirm that as the primary compute device on the planet, smartphones are now rightly seen by threat actors as targets worthy of effort, a situation exacerbated in large part by the work-from-anywhere mindset necessitated by the pandemic. A compromised smartphone can be used to obtain or deduce an organization’s secrets and gain illicit access into its most vital systems.
Seen in this light, mobile security is no longer a “nice to have” but an imperative in any security program. Only with a holistic view of the threat landscape can security teams work to both prevent mobile attacks and mitigate the fallout of a compromised mobile device.