Mobile Breach Cause: Poor Configuration

Thursday, May 29, 2014 @ 04:05 PM gHale


Nearly 2.2 billion smartphones and tablets will end up sold this year and by 2017, 75 percent of mobile security breaches will be the result of mobile application misconfiguration, researchers said.

“Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” said Dionisio Zumerle, principal research analyst at Gartner. “A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices.”

RELATED STORIES
Encryption Woes with Android Email Apps
Apps Take Photos with No One Knowing
iPhone Hack Attack Spreading
Siri Allows iPhone Break-in

With the number of smartphones and tablets on the increase, and a decrease in traditional PC sales, attacks on mobile devices are maturing. By 2017, Gartner predicts the focus of endpoint breaches will shift to tablets and smartphones.

To do significant damage in the mobile world, malware needs to act on devices altered at an administrative level.

“The most obvious platform compromises of this nature are ‘jailbreaking’ on iOS or ‘rooting’ on Android devices. They escalate the user’s privileges on the device, effectively turning a user into an administrator,” Zumerle said.

While these methods allow users to access certain device resources that are normally inaccessible, they also put data in danger. This is because they remove app-specific protections and the safe ‘sandbox’ provided by the operating system. They can also allow malware to download to the device and open it up to all sorts of malicious actions, including extraction of enterprise data. ‘Rooted’ or ‘jailbroken’ mobile devices also become prone to brute force attacks on passcodes.

The best defense is to keep mobile devices fixed in a safe configuration by means of a mobile device management (MDM) policy, supplemented by app shielding and ‘containers’ that protect important data.

Gartner recommends that IT security leaders follow an MDM/enterprise mobility management baseline for Android and Apple devices:
• Ask users to opt in to basic enterprise policies, and prepare to revoke access controls in the event of changes. Users that are not able to bring their devices into basic compliance must not get access.
• Require that device passcodes include length and complexity as well as strict retry and timeout standards.
• Specify minimum and maximum versions of platforms and operating systems. Disallow models that cannot end up updated or get support.
• Enforce a “no jailbreaking/no rooting” rule, and restrict the use of unapproved third-party app stores. Devices in violation should end up disconnected from sources of business data, and potentially wiped, depending on policy choices.
• Require signed apps and certificates for access to business email, virtual private networks, Wi-Fi and shielded apps.



Leave a Reply

You must be logged in to post a comment.