Page 13 - Mobile Data Loss
P. 13
CHAPTER 2 2
Understanding Mobile Data Loss Threats
MOBILE THREAT VECTORS
In the last chapter I outlined three main differences in mobile versus
the PC era:
• Mobile operating systems leverage sandboxing techniques to isolate
apps and their data from one another.
• The network perimeter has become blurred; data now lives every-
where, on the device, on the network, in the cloud, and within apps.
• BYOD has ushered in an opposite approach for IT; users own the
device, but IT wants to ensure enterprise data is secure on the device
while maintaining the user’s privacy.
This changes the threat landscape and creates a new attack surface
for attackers. This impacts how we protect against malware, data risks,
network attacks, and compromises. Let’s dig deeper into the mobile
threat vectors.
MOBILE OS COMPROMISE
Users will commonly jailbreak (iOS) or root (Android) a device to cus-
tomize their device, and unlock additional features and functionality.
This typically involves connecting their device to their PC or Mac and
using freely available software designed to perform the jailbreak or
rooting activity. This jailbreak or root activity may also stem from
malware that exploits vulnerability in the mobile operating system.
Most are not aware of the security implications of a jailbreak or root.
A jailbreak or root on the device will unlock additionally function-
ality, services, and the ability for the user to download apps outside of
the curated app stores. As a result, the security becomes greatly dimin-
ished, making the device much more vulnerable to malware, privilege
escalation, network attacks, and ultimately data loss.
Mobile Data Loss. DOI: http://dx.doi.org/10.1016/B978-0-12-802864-3.00002-7
© 2016 Elsevier Inc. All rights reserved.
