Mobile Device Management (MDM) solutions are perceived to be the ultimate solution for mobile security in the enterprise. According to Gartner’s October 2012 report: “Over the next five years, 65 percent of enterprises will adopt a mobile device management (MDM) solution for their corporate liable users.”
But do MDM solutions really provide the security that corporations are looking for?
As their names imply, MDMs are mobile policy and configuration management tools. With the rise of consumer-owned and -enabled mobile devices in the enterprise (such as BYOD), organizations have recognized the challenge of establishing and enforcing a standard policy to help manage the influx of these devices.
MDM addresses these needs by providing management across four different layers:
- Software management. Manages mobile applications, content and operating systems
- Network service management. Gains network-device information such as location, usage and cellular/ WiFi, in order to support remote services
- Hardware management. Manages the physical device components
- Security management. Enforcement of various security policies
Secure containers separate between business and personal data on the mobile and prevent business critical data from leaking out to unauthorized individuals. This is done by encrypting the data on the phone and providing additional data security features.
A common scenario for secure containers is to enable companies to perform a “remote-wipe” only on an ex-employee’s business data, rather than removing all mobile data, thus relieving the anguish (and possibly, also the legal ramifications) of deleting the employee’s personal photographs, as well.
Essentially, the secure container runs in the mobile’s OS supplied sandbox, where the separation between business and personal data is implemented through encryption.
The Mobile ‘Threatscape’
Looking at the mobile threat landscape, there are two separate categories of malicious mobile applications:
1. Mass Mobile Malicious Apps.
These are consumer-oriented malicious applications with the obvious financial motivation. Examples of such malicious apps include apps that monetize on premium text, dialers, SMS spammers and mobile banking trojans.
Some apps may not be obviously malicious but attempt to access much more data than they should. Many of these apps are hidden within the official Google Play store.
2. Targeted Mobile Attacks, aka Mobile Remote Access Trojans (mRATS).
These are mobile surveillance software installed on particular individuals. Once installed, spyphones are privy to all data on the mobile, as well as to all communication passed on the device.
To paint a better picture of how common mRATs are in the wild, Lacoon Mobile Security partnered with global cellular network providers to sample 500,000 subscribers.
Infection Rates: The first sampling showed that 1 of 1000 devices had a spyphone installed.
Spyphone distribution by OS: Our sampling showed that 47 percent of the infected devices were iOS-enabled and 53 percent were Android-based. The following figure details the distribution by device version.
At the end of the day, the underlying notion of the secure container is that they depend on the integrity of the host system. This encourages us to deliberate the added value of the secure container:
- If the host system is uncompromised, what is the added value?
- If the host system is compromised, what is the added value?
It is important to recognize that infection is inevitable. MDMs cannot provide absolute security. They are certainly a beneficial tool for certain use cases, such as management, compliance enforcement, DLP and physical loss. However, MDM is static and thus, inefficient against the dynamic nature of cyber-crime.
When introducing mobile devices into the organization, security professionals must ensure that they have enough visibility of the device’s behavior in order to assess risk in real-time. Only then will they have enough information to take the right action required for mitigating the threat.
About the Author: Yonni Shelmerdine is the lead Mobile Security Trends Analyst at Lacoon Mobile Security. Yonni brings five years of experience in Datacom & GSM network security analysis from an elite unit in Israel’s Intelligence Corps. Yonni heads the analysis of mobile attack trends where he researches new attack vectors and identifies major mobile malware attack patterns.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. If you are interesting in contributing to The State of Security, contact us here.