Page 14 - Mobile Data Loss


             An iOS jailbreak typically requires that the attacker enter the device's
          PIN and then pair the device to their PC or Mac with iTunes by confirming
          the “trust” notification. Without the PIN (assuming it has one), you
          cannot pair the device to a PC or Mac, diminishing the ability to
          jailbreak a device. This is one of the many reasons why a PIN or
          Passcode is fundamentally important to prevent someone other
          than the user from accessing data on the device by jailbreaking it. This
          presents a challenge to the attacker, as most MDM/EMM (Mobile
          Device Management/Enterprise Mobility Management) products
          enforce a PIN or Passcode with an automated policy to wipe the
          device after 10 failed login attempts.

             On Android, there are many variants of rooting. In fact, some
          devices come from the factory already rooted! These devices may come
          with a custom ROM or backup software installed that requires the
          device to be rooted in order for the backup software to function. Other
          threats can stem from a user who enables the ADB (Android Debug
          Bridge) or USB controls to tether the device to a PC or Mac and side-load
          an app from outside of Google Play. All of these can lead to a compromise
          of the Android device, resulting in escalation of privileges, weakening of
          root permissions, and other indications of a compromise.

             Device manufacturers, carriers, and others modify the Android OS,
          leading to a plethora of Android variants, and can unknowingly create
          vulnerabilities in their builds. There have been many Android operating
          system compromises through malicious apps that exploit a device
          vulnerability to allow privilege escalation.

             Here’s a short list of various mobile operating system compromises
          and risks:
          • Jailbreak (variants including Pangu and Evasion)
          • XCon (Jailbreak anti-detection)
          • Rooting (variants)
          • Android ADB/USB Controls
          • Android Custom ROMs
          • Android Modified file permissions
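
The Android items in this list can be checked from device output, as in the following added example (not part of the original text). It flags custom ROM, rooting, ADB, encryption and file-permission indicators from `adb shell getprop` and `ls -l` output; the sample inputs are constructed, and the checks are assumed heuristics rather than proof of compromise.

```python
import re

# Constructed sample inputs (not from a real device): an excerpt of
# `adb shell getprop` output and `ls -l` lines for two paths of interest.
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.crypto.state]: [unencrypted]
"""
SAMPLE_LS = """\
-rwsr-sr-x 1 root root 75348 2015-01-01 00:00 /system/xbin/su
drwxrwxrwx 30 system system 4096 2015-01-01 00:00 /data
"""
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything malformed."""
    matches = (PROP_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def assess(getprop_text, ls_text, adb_enabled):
    """Return (category, detail) findings; heuristics, not proof of compromise."""
    props = parse_getprop(getprop_text)
    findings = []
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append(("custom-rom", "build is signed with test keys"))
    if props.get("ro.debuggable") == "1" or props.get("ro.secure") == "0":
        findings.append(("rooting", "debuggable or insecure build properties"))
    if adb_enabled:  # True when `settings get global adb_enabled` returns 1
        findings.append(("adb", "USB debugging is enabled"))
    if props.get("ro.crypto.state") != "encrypted":
        findings.append(("encryption", "storage not reported as encrypted"))
    for line in ls_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or len(fields[0]) < 10:
            continue
        mode, path = fields[0], fields[-1]
        if path.rsplit("/", 1)[-1] == "su":
            findings.append(("rooting", "su binary present at " + path))
        if mode[8] == "w":  # write bit for 'other'
            findings.append(("permissions", "world-writable: " + path))
    return findings

if __name__ == "__main__":
    for category, detail in assess(SAMPLE_GETPROP, SAMPLE_LS, adb_enabled=True):
        print(f"{category:12} {detail}")
```
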

             From a user or administrator standpoint, a PIN and encryption are the
          first line of defense that can be used to mitigate the threat of attack. In
          a lost or stolen scenario, the attacker must typically first bypass the