Mobile Devices Now Lead as the Top Channel for Corporate Cyberattacks

Mobile phones now play a central role in the growing number of cyberattacks targeting businesses, becoming the preferred entry point for hackers who exploit the increasing use of these devices within organizations.
Tl;dr
- Half of mobile devices run outdated operating systems.
- Mobile phishing attacks diversify and surge, mainly via SMS.
- App vulnerabilities and weak security expose sensitive data.
Mobile Security: A Widening Threat Landscape
As mobile devices become central to both personal and professional life, recent findings from the Global Mobile Threat Report 2025 by Zimperium paint a troubling picture. According to the report, a staggering one in two mobile devices runs an outdated operating system. Even more alarming, over a quarter are simply incapable of receiving essential updates, leaving them dangerously exposed to recent security flaws. The rapid adoption of the BYOD ("Bring Your Own Device") model only amplifies this risk, as the boundaries between work and personal usage blur.
Evolving Phishing Techniques Target Mobile Users
Cybercriminals are not standing still. Beyond traditional email schemes, the threat landscape is rapidly shifting toward more direct and insidious methods. Smishing (phishing carried out via SMS) now accounts for nearly 70% of all mobile phishing attempts. Other tactics, such as vishing (voice phishing), have surged by 28%, while novel approaches like PDF-based phishing are gaining traction. This diversity makes defense increasingly complex; as highlighted by Shridhar Mittal, CEO of Zimperium: "Hackers have adapted quickly to target this channel, particularly in the hybrid environment where the line between professional and personal becomes blurred." Users' relatively low vigilance on mobile platforms further tilts the odds in favor of attackers.
Application Vulnerabilities: Persistent and Overlooked Risks
Applications themselves remain an Achilles’ heel. The figures are sobering: more than 60% of iOS apps lack basic code protection, while for Android, this share is about 34%. Alarmingly, most apps leak sensitive personal information—so-called PII (Personally Identifiable Information). Several elements explain this chronic vulnerability:
- The intermingling of professional and personal applications on single devices;
- A lack of awareness or priority regarding security during internal development processes;
- The continued download of apps outside official stores, increasing exposure to sophisticated malware such as Vultur or DroidBot.
Even well-known applications can become risky if installed on compromised devices.
Towards a Holistic Defense Strategy?
Given these converging threats, a superficial approach clearly won't suffice. As Kern Smith, VP Global Solutions Engineering at Zimperium, underlines, it is essential to "adopt a holistic approach that encompasses both the device and the applications." Without ongoing visibility and tailored protection measures, both businesses and individuals face mounting risks to their strategic data. The call for a comprehensive strengthening of the entire mobile ecosystem grows ever harder to ignore, and is perhaps overdue.