The Latest Threat to Mobile Devices and Mobile Device Management
It sounds like a James Bond movie plot device, but Spyphones are the latest threat to mobile devices according to researchers who recently spoke at Black Hat Europe. Several technology security experts warned that hackers are finding ways to circumvent mobile operating systems, turning victims’ phones into spyphones that can be used to capture critical company data.
As more companies and CIOs have implemented bring your own device (BYOD) policies and issued mobile devices to their employees, they have also discovered the need for safely securing information on those devices. Mobile Device Management systems work by providing a secure location for business data on devices, often encrypting the part of the device used for business storage. Robust MDM systems also include the ability to remotely lock or wipe devices in case a device is lost or stolen or if an employee quits. MDM systems are important and prevalent: 65% of business will adopt an MDM system over the next five years. While the protection these services provide is important, users need to recognize that MDM protection is not absolute.
Researchers found that about 1 in 1000 devices surveyed were spyphones. Once converted, spyphones can be used to record phone calls and meetings, read confidential memos and e-mails, and copy voice mails, call logs, and text messages. Most often users do not realize that their devices have been compromised.
Though iOS devices are typically harder to attack, their large market share makes them an attractive target for hackers. Over half of the spyphones found were iOS devices. Attackers are able to get around iOS and MDM security by using a “jailbreak” technique that inserts container bypass code into the secure location on the device. Once that is done, hackers erase all evidence of the attack and install “hooks” that signal them every time an e-mail is read and allow them to copy the information.
Although mobile device management systems are not foolproof, businesses should not neglect their mobile protection, like they do with virus protection on their desktops and servers. MDM systems help users keep personal and business information separate and remote wipe capabilities can be vital when dealing with a lost device or disgruntled ex-employee.
Benefits of Mobile Device Managment include:[itemlist]
- Allowing businesses to remotely lock lost or stolen devices.
- Remotely erasing company data from devices that have been lost, stolen, or otherwise compromised.
- Managing apps on remote devices, allowing them to both remove potentially dangerous applications and load applications necessary for business use.
- Keeping existing infrastructure. MDM is simply an added component to that system and doesn’t typically require major restructuring.