Mobile Device Security
Smartphones and mobile devices have become essential components in our everyday business toolbox. They are in many ways miniature representations workstations and notebooks, containing sensitive and confidential information such as:
- Corporate Email
- Company Documents
- Credentials (Login Info, Certificates, VPN)
- Business Contacts
Your business has invested time and effort for becoming as resourceful as it is today. Needless to say that the unintended compromise of any one or more of the above, could have the potential to damage your organization.
Threat Landscape
Below is a quick introduction and high-level overview of some of the threats that exist for your organization’s mobile device deployments:
Physical Security
Random Theft
There are numerous real world scenarios that endanger the physical security of mobile devices. One of the risks posed is that of theft, since our devices tend to be valuable commodities that can be quickly re-sold for their near retail value.
Targeted Theft
In some cases the thieves may be that of competitors to your organization, to whom the value of the data contained on the device would be of more value than the physical value of the device itself.
Misplacement
Another more common risk is a lost or misplaced device, which can equally present inherent risks to your company with the data contained on the device.
Application and OS Security
Just as devices are becoming smarter and more powerful, so are the bad guys. Each mobile device platform has their own pro’s and con’s for security features, but all of them share some common vulnerabilities including malicious applications. These malicious apps are sold (most of the time free) on the app marketplaces of the device vendors.
In most cases they have the ability for surreptitiously:
- Stealing Device Data (contacts, emails, files)
- Remote Spying (key-logging, remote camera and microphone activation)
- DNS Hijacking (manipulating DNS to redirect users to phony copies of legitimate websites)
Network Security
The associated (and obvious) risk that is attached with having powerful devices is their ultra-portability and small form factors. There are numerous real world scenarios that pose risks, including physical security
Wireless (802.11)
There are multiple risks for corporate devices that are allowed to connect to wireless access points that are not under your organization’s control. There is no way to identify the security posture of the wireless access point’s operator, which can invite network based attacks against the devices through promiscuous network sniffing, man-in-the-middle attacks (MITM), and client-side attacks against the device itself.
GSM & 3G Security Concerns
Over the last couple of years, there have been several proof of concept attacks performed against GSM networks. There are many documents on the internet that show how to break the weak stream ciphers (A5/1 & A5/2) for around $2000 using off the shelf hardware.
There is also evidence to support that security is unacceptably weak on the signaling networks deployed by the wireless providers, which is bothersome from an information assurance and network security perspective for corporate information officers, network & security engineers.
Our Solutions
We can identify the risks and challenges that are out there for securing mobile devices in unique corporate environments. We can assess the weaknesses and work with you in designing customized solutions for smartphones and mobile devices on the following platforms:
- Android
- BlackBerry
- iPhone & iPad
- Windows Phone
Services we provide include (and not limited to):
- Device Policy Administration & Enforcement
- VPN Networking
- Remote Administration & Remote Wipe
- GPS Tracking
- Mobile Malware Reverse Engineering
Get in touch
If you would more information on how we can help, drop us a quick line to schedule a chat on out contact page.