Page 15 - Mobile Data Loss

Understanding Mobile Data Loss Threats


            PIN protection in order to pair the device to a PC or Mac before the
            jailbreak or rooting can be performed. Considering the broad range of
            mobile operating system compromises, detection capabilities are also
            critically important to the management ability to quarantine devices.



            MALWARE AND RISKY APPS

            The PC world is afflicted by malware from a myriad of different
            attack vectors, ranging from operating system vulnerabilities to
            network services, applications, middleware, browsers, and more. The
            lack of application sandboxing makes the average PC vulnerable to
            file infections that impact the operating system, applications, and
            data. The operating system is vulnerable to file infections from
            malicious websites that prompt a file download to the PC, emails
            with infected file attachments, viruses passed on by a shared USB
            drive, and a plethora of other threat scenarios. Furthermore, these
            legacy operating systems have little-to-no kernel protection.
            Lastly, users are not provided any form of a curated app store.
            Aside from business apps, other applications are downloaded from
            millions of websites with no known integrity or trust. The result is
            that a file can impact all apps, all data, and typically the
            operating system.
               This is somewhat different from mobile malware, which is typically
            deployed through apps rather than files. This can stem from a phishing
            attempt through a malicious email or SMS text message that prompts the
            user to download an app or an update to an app. In addition, malicious
            apps sometimes make their way into one of the curated app stores, such as
            with the XcodeGhost malware. More on this is discussed in the next
            chapter.
               As demonstrated by the Masque Attack [1] on iOS devices, threats
            such as these don't require a compromise of the mobile operating
            system, such as a jailbreak of an iOS device or rooting of an
            Android device. Instead, the user is coerced through the phishing
            attack to download an update to an existing app. Since this app is
            signed using an enterprise signing certificate, the update is
            considered trusted, so the existing app is updated and is now
            infected with malware. This malware can steal


            [1] https://www.fireeye.com/blog/threat-research/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html