Think your enterprise mobile devices are secure? Think again. The devices your employees use for work purposes are treasure troves of sensitive information, writes DOROS HADJIZENONOS, Country Manager of Check Point South Africa.
Think your enterprise mobile devices are secure? Think again. The iOS and Android devices your employees use for work purposes are treasure troves of sensitive information, and it only takes one compromised device to put your business in a perilous predicament.
A 2016 survey of IT security professionals showed that 40% of organisations make BYOD available to all employees while 32% make it available to select employees. Workers use these same devices to download personal apps and emails – exposing your network to phishing scams and malware infections.
More than one billion Android mobile devices are not safe – and may never be. iPhones and iPads aren’t immune to risk either. In fact, there is a 50% chance that an organisation with more than 2,000 mobile devices has at least six infected devices.
Here are the five most common misconceptions about mobile security and how you can secure your mobile workforce.
1. Mobile isn’t a big problem
Firewalls and security infrastructures that protect PC desktops and laptops do not provide enough protection from mobile attacks.
Mobile attacks come from three primary sources: network attacks, infected apps and system exploits. While testing mobile security for prospective customers, Check Point regularly finds 5% to 20% of enterprise devices are already compromised. It takes only one compromised device to penetrate your security perimeter.
Discovering a breach takes an average of about six months, and a response to fix the breach another three months. This means that once a breach is detected, the damage is already done. Remediation can be costly, as is containing the damage to brand reputation. Even if the damage is under control, your company may not know vital trade secrets were compromised until your competitive advantage is suddenly lost.
2. MDM is enough
Many companies rely on basic mobile hygiene policies using mobile device management (MDM) or enterprise mobility management (EMM) solutions. Some augment these solutions with a hodgepodge of point solutions that offer incremental and often rudimentary enhancements.
These solutions help control damage inflicted by compromised devices and address many known threats, but are unable to detect recently created malware or new vulnerabilities in networks, operating systems and apps.
For example, gaining root access to a mobile device (also called “rooting” on Android or “jailbreaking” on iOS) enables cybercriminals to make a broad range of customisations and configurations to serve their objectives. MDM and EMM systems detect the existence of certain files in a system directory that enable root access by employing several methods, including static root indicators. However, free tools for Android and iOS devices are available for avoiding this type of detection. By changing root access indicators continually, cybercriminals can evade detection, and even deny root check requests from the EMM or MDM system, disabling detection entirely.
3. Secure containers are safe
Secure containers for data management platforms provide security inside the enterprise perimeter. However, mobile devices often access systems and apps like Salesforce, Oracle or SAP outside the perimeter. While these systems and apps have their own protections, network spoofs or man-in-the-middle attacks eavesdrop, intercept and alter traffic. Everything a user does, including entering passwords, could be intercepted by criminals, and used to breach the perimeter and to steal financial and personnel information.
Attackers often trick employees into logging into malicious sites. While users believe they’re interacting with a known and trusted entity in the cloud, the attacker takes over their device, copying credentials, snooping on instant messages, or stealing their sensitive information.
Corporate executives and employees sometimes save critical documents and sensitive information outside the secure container – using a cloud storage service to easily access while travelling or share with partners. Once compromised, attackers intercept these communications and access these important and sometimes confidential documents.
4. iOS is immune
Apple’s iOS is not immune to threats. Some organisations using MDMs unwittingly distribute infected apps to iPhones and iPads. Apps from unauthorised, unreliable app stores may also harbour viruses, and hackers even compromised Apple’s development tools, sneaking malware into new apps without the developers’ knowledge.
Check Point recently discovered a vulnerability found in iOS that exploits a loophole in the Apple Developer Enterprise program. The program lets organisations develop and distribute apps for internal enterprise use without publishing them on Apple’s App Store. These apps typically distribute quickly and directly to devices.
However, malicious apps can use this same method and enable criminals to stage man-in-the-middle attacks and hijack communications between managed iOS devices and MDM solutions. This type of exploit gives criminals control of the devices, the data that resides on them, and even enterprise MDM services.
Flaws in Apple’s enterprise app installation process allow the introduction of unverified code into the iOS ecosystem. MDM systems could end up being the distribution systems for the very malicious apps they are defending against. Without an advanced mobile threat detection and mitigation solution on your iPhone, you may never suspect that any malicious behaviour ever took place.
5. Mobile antivirus is all I need
Mobile antivirus solutions are limited compared to their PC cousins. They can uncover malicious code in apps by looking for unique binary signatures that identify known malware. However, criminals have found new ways to obfuscate those signatures, making them useless in the detection of mobile malware. Even a slight change in the code, such as adding a simple line that does nothing, changes the app’s signature and the new version of the malicious app will slip by undetected by the antivirus program.
Signatures are not available for “zero-day” (newly created) malware. To catch and block a virus, your antivirus program first must know that it exists. Even if updated daily, antivirus programs still couldn’t keep up with the onslaught of these attacks.
Secure your mobile workforce
Mobile devices require a new, intelligent approach to threat prevention. MDM and EMM protection and secure containers are not enough, and antivirus products cannot cope with new malware found every day. Even iPhones are not secure. The continuous, rising wave of attacks puts your company at serious risk.
You need a solution that continuously analyses devices, uncovering known and unknown vulnerabilities and criminal behaviour, by applying threat emulation, advanced static code analysis, app reputation, and machine learning.
Stop malware before it communicates with criminal servers, and detect threats at the device, app, and network levels. Always have an accurate picture of the threats and devices on your network and detailed information about risk mitigation.
Low-cost wireless sport earphones get a kickstart
Wireless earphone brands are common, but not crowdfunded brands. BRYAN TURNER takes the K Sport Wireless for a run.
As wireless technology becomes better, Bluetooth earphones have become popular in the consumer market. KuaiFit aspires to make them even more accessible to more people through a cheaper, quality product, by selling the K Sport Wireless Earphones directly from its Kickstarter page
KuaiFit has an app by the same name which offers voice-guided personal training services in almost every type of exercise, from cardio to weight-lifting. A vast range of connectivity to third-party sensors is available, like heart rate sensors and GPS devices, which work well with guided coaching.
The app starts off with selecting a fitness level: beginner, intermediate and advanced. Thereafter, one has the ability to connect with real personal trainers via a subscription to its paid service. The subscription comes free for 6 months with the earphones, and R30 per month thereafter.
The box includes a manual, a USB to two USB Type B connectors, different sized soft plastic eartips and the two earphone units. Each earphone is wireless and connects to the other independently of wires. This puts the K Sport Wireless in the realm of the Apple Earpods in terms of connection style.
The earphones are just over 2cm wide and 2cm high. The set is black with a light blue KuaiFit logo on the earphone’s button.
The button functions as an on/off switch when long-pressed and a play/pause button when quick-pressed. The dual-button set-up is convenient in everyday use, allowing for playback control depending on which hand is free. Two connectivity modes are available, single earphone mode or dual earphone mode. The dual earphone mode intelligently connects the second earphone and syncs stereo audio a few seconds after powering on.
In terms of connectivity, the earphones are Bluetooth 4.1 with a massive 10-meter range, provided there are no obstacles between the device and the earphones. While it’s not Bluetooth 5, it still falls into the Bluetooth Low Energy connection category, meaning that the smartphone’s battery won’t be drastically affected by a consistent connection to the earphones. The batteries within the earphones aren’t specifically listed but last anywhere between 3 and 6 hours, depending on the mode.
Audio quality is surprisingly good for earphones at this price point. The headset style is restricted to in-ear due to its small design and probable usage in movement-intensive activities. As a result, one has to be very careful how one puts these earphones, in because bass has the potential of getting reduced from an incorrect in-ear placement. In-ear earphones are usually notorious for ear discomfort and suction pain after extended usage. These earphones are one of the very few in this price range that are comfortable and don’t cause discomfort. The good quality of the soft plastic ear tip is definitely a factor in the high level of comfort of the in-ear earphone experience.
Overall, the K Sport Wireless earphones are great considering the sound quality and the low price: US$30 on Kickstarter.
Find them on Kickstarter here.
Taxify enters Google Maps
A recent update to Taxify now uses Google Maps which allows users to identify their drivers, find public transport and search for billing options.
People planning their travel routes using Google Maps will now see a Taxify icon in the app, in addition to the familiar car, public transport, walking and billing options.
Taxify started operating in South Africa in 2016 and as of October 2018 operates in seven South African cities – Johannesburg, Ekurhuleni, Tshwane, Cape Town, Durban, Port Elizabeth and Polokwane.
Once riders have searched for their destination and asked the app for directions, Google Maps shares the proximity of cars on the Taxify platform, as well as an estimated fare for the trip.
If users see that taking the Taxify option is their best bet, they can simply tap on the ‘Open app’ icon, to complete the process of booking the ride. Customers without the app on their device will be prompted to install Taxify first.
This integration makes it possible for users to evaluate which of the private, public or e-hailing modes of transport are most time-efficient and cost-effective.
“This integration with Google Maps makes it so much easier for users to choose the best way to move around their city,” says Gareth Taylor, Taxify’s country manager for South Africa. “They’ll have quick comparisons between estimated arrival times for the different modes of transport, as well as fares they can expect to pay, which will help save both time and money,” he added.
Taxify rides in Google Maps are rolling out globally today and will be available in more than 15 countries, with South Africa being one of the first countries to benefit from this convenient service.